...

  1. Security Review/Scanning of pre-7.0
    1. Tasks for Security Review
      1. Third party to run a security analysis/scan (e.g. see OWASP list of vulnerability scanning tools or list of free security tools) against REST API
      2. Third party to run a security analysis/scan against Angular UI
      3. Create a Wiki page on DSpace 7 Security Analysis of what work we've already done. (Reviewed by someone in Leadership)
    2. Ideally, we build security tests into Integration Test framework to ensure we are checking permissions at all times
      1. In March 2020, 4Science did an analysis of existing IT security coverage (as part of DS-4411) here: https://docs.google.com/document/d/13DMZ1iYE04D_6_8lrnHrI0uqKkz5RqMU6tWJMrHv88Y/edit
      2. An update to this analysis could be performed, concentrating on any new gaps.
    3. Better document expected permissions for all endpoints in the REST API.
    4. Other ideas? See DSpace 7 Security Analysis
  2. Performance testing of pre-7.0
    1. Tasks for Performance Testing
      1. Third party to install/upgrade to DSpace 7 in a dev environment with...
        1. Large site overall (in terms of number of Items). What to test: overall performance of browsing/searching site.
        2. Large Community/Collection hierarchy. What to test: browsing Communities/Collections. Test creating a new Community, Collection or Item.
        3. One Collection with thousands of Items. What to test: browsing/searching within that Collection.
        4. One item with 100s of Bitstreams. What to test: test viewing/editing that individual Item. Test searching for that Item.
        5. One item with lots of Authors. What to test: test viewing/editing that individual Item. Test searching for that Item.
    2. There's also Chris Wilper's JMeter scripts from 2019, which might be able to provide some basic feedback here
    3. Ideally, again it'd be nice if we could perform this sort of analysis on a more automated/regular basis (perhaps via Integration Tests which load a lot of dummy data?).
    4. Other ideas? See DSpace 7 Performance Analysis

Delayed / Needs Discussion

...