Hi Sue,

> Thanks a bunch for the information. That's great news. I wonder if you
> would be willing to share details of exactly how this testing was done so
> others might be able to do and/or continue this testing?
It all depends on your particular testing tool - you may have local expertise in how to use it. For example at The University of Auckland we have an application security specialist who ran AppScan for us. First it spidered the site to discover all the URLs, we provided it with some extra information to customise the attacks it tried (which web server / database platform etc), and then it ran.

The spidering was where we hit the first problem! DSpace has many, many, many(!) URLs. By the time you try every browse combination etc, AppScan was unable to complete the spidering. The spidering also did things like exported every collection, community, item, CSV exports too etc. So it went on for some time before we decided to kill it.

In the end, rather than running on our full development server, we ran it on a test instance with about 10 items in it. AppScan was then able to complete.

I hope that helps,

Stuart Lewis
Digital Development Manager
Te Tumu Herenga The University of Auckland Library
Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
Ph: +64 (0)9 373 7599 x81928
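One way to keep a scanner's spider from exploding on the browse/sort/export URL combinations described above is to scope the crawl frontier before attacks start. This is an added example, not code from the thread, from DSpace or from AppScan; the URL patterns, parameter names, path fragments and per-family budget are constructed assumptions for illustration.

```python
"""Crawl-scope filter for spidering a repository with combinatorial URLs.

Collapses listing parameters that only change ordering/paging, skips
side-effecting export endpoints, and caps how many URLs each path family
may contribute.  All patterns below are assumed, not taken from DSpace.
"""
from collections import defaultdict
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed query parameters that only reorder or page a browse listing.
LISTING_PARAMS = {"sort_by", "order", "rpp", "etal", "offset", "starts_with"}
# Assumed path fragments of endpoints that generate bulk exports on GET;
# a spider should never request these (slow, may write files server-side).
EXCLUDED_FRAGMENTS = ("/export", "/csv")
PER_FAMILY_CAP = 5  # assumed budget: max URLs kept per path family

# Constructed sample frontier: two equivalent browse views, one export
# endpoint and eight item pages under a placeholder handle prefix.
SAMPLE_URLS = [
    "http://repo.example/browse?type=title&sort_by=1&order=ASC&rpp=20",
    "http://repo.example/browse?type=title&sort_by=1&order=DESC&rpp=40",
    "http://repo.example/browse?type=author&order=ASC",
    "http://repo.example/handle/123456789/10/export",
] + [f"http://repo.example/handle/123456789/{i}" for i in range(11, 19)]


def canonical(url: str) -> str:
    """Drop listing-only parameters and sort the rest so equivalent views merge."""
    p = urlsplit(url)
    kept = sorted((k, v) for k, v in parse_qsl(p.query) if k not in LISTING_PARAMS)
    return urlunsplit((p.scheme, p.netloc, p.path, urlencode(kept), ""))


def family(url: str) -> str:
    """Path with numeric segments replaced by '*' (handle ids, item ids)."""
    return "/".join("*" if s.isdigit() else s for s in urlsplit(url).path.split("/"))


def scope_crawl(urls):
    """Return (kept, skipped): deduplicated in-scope URLs and everything dropped."""
    seen, per_family, kept, skipped = set(), defaultdict(int), [], []
    for url in urls:
        if any(f in urlsplit(url).path for f in EXCLUDED_FRAGMENTS):
            skipped.append(url)
            continue
        c = canonical(url)
        if c in seen:
            continue  # same listing, different sort/page: already covered
        fam = family(c)
        if per_family[fam] >= PER_FAMILY_CAP:
            skipped.append(url)
            continue
        seen.add(c)
        per_family[fam] += 1
        kept.append(c)
    return kept, skipped


if __name__ == "__main__":
    kept, skipped = scope_crawl(SAMPLE_URLS)
    print(f"kept {len(kept)} of {len(SAMPLE_URLS)}, skipped {len(skipped)}")
```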