aleph
Create security tests (and fix them) for Web UI
@jseidl, can you please provide more information about how aleph Web UI is not secure?
I'm just inferring due to the lack of treating and testing. All inputs and GET routing shall be checked and validated.
Also, the search box is my major point of concern. Strict whitelisting shall be enforced there.
On Jun 7, 2015 4:52 PM, "Álvaro Justen" wrote:
> @jseidl, can you please provide more information about how aleph Web UI is not secure?
Also, the web UI lacks a quota for uploading and brute-force login control. Also, no CAPTCHA on user registration could allow mass registration scripts.
On Jun 7, 2015 4:57 PM, "Jan Seidl" wrote:
> I'm just inferring due to the lack of treating and testing. All inputs and GET routing shall be checked and validated.
> Also, the search box is my major point of concern. Strict whitelisting shall be enforced there.