Any updates on this? I am in the process of finding a supplier to pen
test, wondering if I should be prepared for anything.
On Friday, October 9, 2015 at 11:26:55 AM UTC-4, Michael M wrote:
>
> My company has to have an outside firm Pen test all Web-Service
> applications. So I am spinning up
My company has to have an outside firm Pen test all Web-Service
applications. So I am spinning up two internal services and both are going
to be tested around November before they go into Prod from Non-Prod. I'm
starting talks with the InfoSec team to see if I can share the findings of
the
Niphlod,
I don't see where you are pointing on https://www.qualys.com/
Where is the web2py app that survived the security scan?
Thank you
2015-10-05 11:25 GMT+01:00 Niphlod :
> here in ***undisclosed company web2py survives a
> https://www.qualys.com/ security scan with
not really.
I built some apps on web2py that are live and in production, and since
EVERY app in my environment NEEDS to pass a Qualys scan to be live and
production ready, I know that MY apps survive a Qualys scan with flying
colors.
Point being "ATM web2py does not expose any obvious/hidden
:)
Nice to hear that!
Richard
On Thu, Oct 8, 2015 at 2:59 PM, Niphlod wrote:
> not really.
> I built some apps on web2py that are live and in production, and since
> EVERY app in my environment NEEDS to pass a Qualys scan to be live and
> production ready, I know that MY
@Antonio
I think Simone just pointed to the tool that can be used for such a purpose...
You can use it over your App. From my understanding the App tested is the
Ian App...
Richard
On Thu, Oct 8, 2015 at 1:19 PM, António Ramos wrote:
> Niphlod,
> I don't see where you are
well, IMHO it really shouldn't matter.
Yes, web2py, as any other mature framework, does its best to comply to
security best practices. As soon as they're found, they're addressed and
fixed. If you iterate long enough, you can be pretty sure that your
foundations are solid ground.
That being
Just to add my perception slightly from the outside - and I'm an A1 web2py
fan for life now, I've spent the last year inside it and not a lot else!
But would probably take the framework up a few levels if there was a really
good set of responses to this. Our app should hopefully start providing
Thanks, just running some of their tools against our app - all good so far,
if there's anything of interest I'll let you know (possibly off forum first
:))
On Monday, 5 October 2015 12:25:20 UTC+2, Niphlod wrote:
>
> here in ***undisclosed company web2py survives a
>
here in ***undisclosed company web2py survives
a https://www.qualys.com/ security scan with no reports whatsoever.
On Sunday, October 4, 2015 at 2:47:44 PM UTC+2, Ian Ryder wrote:
>
> Hi, just looking back over anything about penetration testing and web2py -
> does anyone know of any recent
+1
it would be nice to have a blog for this type of news...
2015-10-05 15:27 GMT+02:00 Ian Ryder :
> Thanks, just running some of their tools against our app - all good so
> far, if there's anything of interest I'll let you know (possibly off forum
> first :))
>
>
> On
Hi, just looking back over anything about penetration testing and web2py -
does anyone know of any recent (or any at all) testing of web2py? We're
getting close to our first customers on an app we've been developing the
last year so really need to try and pick it to pieces now while we have a
Well
I can't say that I have tested the current trunk version, but last December
I ran a pretty exhaustive penetration test against a site developed with web2py.
The results were very good. No findings above low. The low findings were
insignificant. I ran Cenzic Hailstorm, Qualys and one
Thank you Dave for the feedback. It would be nice to have the results of
those tests (Cenzic, Hailstorm, Qualys) published somewhere. Once in a
while people ask about this.
Massimo
On Tuesday, 10 July 2012 11:28:39 UTC-5, Dave wrote:
Well
I can't say that I have tested the current
No but I am willing to pay to get it done.
On Monday, 9 July 2012 10:48:39 UTC-5, scausten wrote:
One of the awesome things about web2py is of course the built-in and
well-documented resilience against a range of attack methods, but I was
wondering if anyone has attempted a methodical
I know a few of these guys, and they really seem to know their stuff.
Let's see if they take the bait. :) They know python and webservices
very well.
BR,
Jason Brower
On 07/10/2012 01:24 AM, Massimo Di Pierro wrote:
No but I am willing to pay to get it done.
On Monday, 9 July 2012 10:48:39