Security-audit and penetration-test of a Lift-application


Andreas Joseph Krogh

Feb 14, 2024, 12:29:06 PM
to lif...@googlegroups.com

Hi all.

 

Just wanted to share the conclusion of a security-audit and pentest we hired a security-company to conduct for us, highlights in bold:


Overall, the security posture of the assessed web application and external attack surface was considered to be good, and generally followed industry-standard best practices.

The issues identified do not constitute vulnerabilities by themselves, but if left unfixed could pose potential security risks for the organization. For example, exposing the administration console for a service is not necessarily a vulnerability, but it leaves an attacker with the possibility to brute force the credentials.

No compromise took place in either the web application or any of the identified exposed services.

It is worth mentioning that the web application expressed great security in both sanitizing user-supplied input and access-control for data. It is clear that security has been emphasized during the development process, and/or remediating issues from previous security assessments.


Thanks to Lift's excellent focus on security:-)

 

--
Andreas Joseph Krogh
CTO / Partner - Visena AS
Mobile: +47 909 56 963

David Pollak

Feb 14, 2024, 12:39:04 PM
to lif...@googlegroups.com
Yay! Thank you for sharing!

--
Lift, the simply functional web framework https://liftweb.net

Torsten Uhlmann

Feb 15, 2024, 1:16:49 AM
to Lift
That's great news - thanks for sharing!