Page History
...
- Run a security scan/analysis of the REST API (e.g. see OWASP list of vulnerability scanning tools or list of free security tools) and report back any discovered potential security issues. (Required expertise: developer / sysadmin / security expert, ideally one who is not yet a DSpace 7 expert)
- Run a security scan/analysis of the Angular UI (e.g. see OWASP list of vulnerability scanning tools or list of free security tools) and report back any discovered potential security issues. (Required expertise: developer / sysadmin / security expert, ideally one who is not yet a DSpace 7 expert)
- Re-analyze all existing Integration Tests to ensure all restricted REST API endpoints include tests which check/verify access permissions on the endpoint. This analysis may concentrate on endpoints added since March 2020 (see note below). (Required expertise: DSpace 7 core developer)
- An initial analysis of REST API endpoints was completed by Andrea Bollini (4Science) , Mykhaylo Boychuk in March 2020 as part of 7.0 Beta 2. See DS-4411 and the accompanying detailed analysis document.
- Analyze/update REST Contract documentation to ensure all endpoints document expected permissions to access that endpoint. This will simply help ensure our documentation is accurately describing our security checks. (Require expertise: DSpace 7 core developer)
Overview
Content Tools