After rereading my message I wanted to reiterate that I'm not 100% convinced that all these are truly anything to be worried about. The application was never run, it was all static analysis and no specific attack vectors were discovered.
But before I brush them aside, I wanted to run them by you all. I'll post on [EMAIL PROTECTED]

On Wed, Jul 2, 2008 at 12:52 AM, Nathan Bubna <[EMAIL PROTECTED]> wrote:

> If this is a web application, be sure you've read this:
>
> http://wiki.apache.org/velocity/BuildingSecureWebApplications
>
> On Tue, Jul 1, 2008 at 5:21 PM, Tom Jenkins <[EMAIL PROTECTED]> wrote:
> > Hello all,
> > We just had to submit one of our applications to a security audit by a third
> > party. They flagged about 15 velocity classes after running it through
> > their black box. I'm not 100% sure of the validity of some of these flags.
> > Is there some place I can discuss the issues? Or perhaps someone directly?
> >
> > Thanks
