Security-audit and penetration-test of a Lift-application

[Andreas Joseph Krogh]

Hi all.

 

Just wanted to share the conclusion of a security-audit and pentest we hired a security-company to conduct for us, highlights in bold:

---

Overall, the security posture of the assessed web application and external attack surface was
considered to be good, and generally followed industry-standard best practices.
 

The issues identified does not constitute vulnerabilities by themselves, but if left unfixed could
pose potential security risks for the organization. For example, exposing the administration console
for a service is not necessarily a vulnerability, but it leaves an attacker with the possibility to brute
force the credentials.
 

No compromise took place in either the web application or any of the identified exposed services.
 

It is worth mentioning that the web application expressed great security in both sanitizing user-
supplied input and access-control for data. It is clear that security has been emphasized during the
development process, and/or remediating issues from previous security assessments.

---

Thanks to Lift's excellent focus on security:-)

 

--

Andreas Joseph Krogh

CTO / Partner - Visena AS

Mobile: +47 909 56 963

and...@visena.com

www.visena.com

[David Pollak]

Yay! Thank you for sharing!

--
You received this message because you are subscribed to the Google Groups "Lift" group.
To unsubscribe from this group and stop receiving emails from it, send an email to liftweb+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/liftweb/VisenaEmail.3b.2a41710ddb2821be.18da8a65d4b%40origo-test01.app.internal.visena.net.

--

Fediverse: https://mastodon.social/@dpp

Lift, the simply functional web framework https://liftweb.net

Blog: https://blog.goodstuff.im

[Torsten Uhlmann]

That's great news- thanks for sharing!