[
https://issues.apache.org/jira/browse/FINERACT-969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17103771#comment-17103771
]
Michael Vorburger commented on FINERACT-969:
--------------------------------------------
I expect some of the issues identified here (using zaproxy.org) will naturally
overlap with what will be found in FINERACT-967 - that's fine.
FYI we have a GSoC student who is planning to work on FINERACT-854 and
FINERACT-853. I would expect that certain of the issues this investigation
uncovers will be fixed by that work. But we do not have to wait for that work
to complete; I'd just go ahead with this, and create JIRA bugs for everything
identified (create nice fine grained sub-tasks under this issue!). Then we can
later verify that the FINERACT-854 work actually fixed (some.. and which) of
the vulnerabilities that this may find.
> Run OWASP zaproxy.org against Fineract (e.g. fineract.dev)
> ----------------------------------------------------------
>
> Key: FINERACT-969
> URL: https://issues.apache.org/jira/browse/FINERACT-969
> Project: Apache Fineract
> Issue Type: Improvement
> Components: Security
> Reporter: Michael Vorburger
> Assignee: Giorgio Zoppi
> Priority: Major
>
> [~giorgio] in FINERACT-853 suggested to run
> [https://www.zaproxy.org|https://www.zaproxy.org] against Fineract.
> That sounds like a Great Idea - and may yield some interesting results and
> holes worth plugging.
> I this is easier to do against a public server instead of locally, then I
> hereby offer https://www.fineract.dev for this purpose. As its FAQ says,
> quote: _"Try to crash our demo - and if you manage, then work with us in the
> open source project to make the Fineract code more scaleable and reliable!"_
> :D
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
