Hi Board,
The penetration test continues this week. I've supplied the code to allow for all the SAST findings to be verified as well. Christian has helped provide contact between the website developer and the penetration testers, as there was an issue with the website blocking testing. We have completely bypassed the Cloudflare WAF and whitelisted all Vercel protections. It is somewhat likely that this is the code preventing malicious input, but we've short-circuited the discussion by making that direct connection.
We are expecting fieldwork for the penetration test to conclude next week, and the report the following week. I'll share any findings privately with the Board whilst we address any issues.
As you might have noticed, the database has been corrupted during testing. We might need to revert the database before making further content changes. We'll make a decision on that once testing has concluded, as it might be straightforward to clean up or less time-consuming to revert.
thanks,
Andrew van der Stock
Distinguished Lifetime Member
Executive Director, OWASP