Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

revive vulnerability tests #152

Open
strantalis opened this issue Jun 28, 2024 · 2 comments
Open

revive vulnerability tests #152

strantalis opened this issue Jun 28, 2024 · 2 comments

Comments

@strantalis
Copy link
Member

We need to revive the old vulnerability testing that was originally implemented. This time we should be running scans against our http and grpc endpoints looking for any potential holes.

Also with this testing we should run a suite of tests that send

  • invalid access tokens
  • clients with improper roles to validate out casbin policy is enforcing the proper policy
@cassandrabailey293
Copy link
Contributor

removing from sprint - getting feedback from security team about general approach for ZAP / vuln testing

@jentfoo
Copy link
Contributor

jentfoo commented Nov 5, 2024

@jade-virtru and myself met to discuss next steps with Zap. Over the next two weeks we will be exploring paths to make Zap fully automated and ensure we have good API coverage. Following that work we will focus on centralizing and reporting these automated results.

In addition we are exploring SAST options. CodeQL has been turned on for our open source projects in opentdf, and we are continuing to explore options for our private code.

TL:DR; stay tuned, we are focusing on expanding our automated security validation

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jentfoo @strantalis @cassandrabailey293