Hi all.
Just wanted to share the conclusion of a security audit and pentest we hired a security company to conduct for us, highlights in bold:
Overall, the security posture of the assessed web application and external attack surface was
considered to be good, and generally followed industry-standard best practices.
The issues identified do not constitute vulnerabilities by themselves, but if left unfixed could
pose potential security risks for the organization. For example, exposing the administration console
for a service is not necessarily a vulnerability, but it leaves an attacker with the possibility to brute
force the credentials.
No compromise took place in either the web application or any of the identified exposed services.
It is worth mentioning that the web application expressed great security in both sanitizing
user-supplied input and access-control for data. It is clear that security has been emphasized during the
development process, and/or remediating issues from previous security assessments.
Thanks to Lift's excellent focus on security :-)