- Run a security scan/analysis of the REST API (e.g. see the OWASP list of vulnerability scanning tools or list of free security tools) and report back any potential security issues discovered. (Required expertise: developer / sysadmin / security expert, ideally one who is not yet a DSpace 7 expert)
- Run a security scan/analysis of the Angular UI (e.g. see the OWASP list of vulnerability scanning tools or list of free security tools) and report back any potential security issues discovered. (Required expertise: developer / sysadmin / security expert, ideally one who is not yet a DSpace 7 expert)
- ZAP Analysis of Angular UI run by DSquare Technologies on May 15, 2021 Summary:
- High Risk Alerts: 0
- Medium Risk Alerts: 4 (Tim reviewed these; all were false positives and unrelated to our codebase itself)
- Low Risk Alerts: 7 (a few minor suggestions, plus 4 further false positives)
- Re-analyze all existing Integration Tests to ensure all restricted REST API endpoints include tests which check/verify access permissions on the endpoint. This analysis may concentrate on endpoints added since March 2020 (see note below). (Required expertise: DSpace 7 core developer)
- An initial analysis of REST API endpoints was completed by Andrea Bollini (4Science) and Mykhaylo Boychuk in March 2020 as part of 7.0 Beta 2. See DS-4411 and the accompanying detailed analysis document.
- Analyze/update the REST Contract documentation to ensure every endpoint documents the permissions required to access it. This simply helps ensure our documentation accurately describes our security checks. (Required expertise: DSpace 7 core developer)
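The kind of permission-check integration test the re-analysis task above asks for, as an added illustration rather than a test from the DSpace codebase. It assumes DSpace 7's `AbstractControllerIntegrationTest` harness (`getClient()`, `getAuthToken()` and the `admin`/`eperson`/`password` fixtures) and takes `/api/eperson/epersons` as an example of an admin-only endpoint; the three cases together show that a restricted endpoint is covered only when anonymous, non-admin and admin access are all asserted.

```java
package org.dspace.app.rest;

import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.dspace.app.rest.test.AbstractControllerIntegrationTest;
import org.junit.Test;

/**
 * Illustrative permission-check IT for an admin-only endpoint (example code,
 * not part of DSpace). Assumes the DSpace 7 test harness supplies getClient(),
 * getAuthToken(email, password) and the admin / eperson / password fixtures.
 */
public class EPersonPermissionExampleIT extends AbstractControllerIntegrationTest {

    // Endpoint under test (assumption: listing EPersons is restricted to administrators)
    private static final String ENDPOINT = "/api/eperson/epersons";

    @Test
    public void anonymousRequestIsRejectedWith401() throws Exception {
        // No token at all: the endpoint must demand authentication rather than return data
        getClient().perform(get(ENDPOINT))
                   .andExpect(status().isUnauthorized());
    }

    @Test
    public void authenticatedNonAdminIsRejectedWith403() throws Exception {
        // A valid but unprivileged login must be refused with 403, not 401 and not 200;
        // this is the case most often missing from endpoint tests
        String token = getAuthToken(eperson.getEmail(), password);
        getClient(token).perform(get(ENDPOINT))
                        .andExpect(status().isForbidden());
    }

    @Test
    public void administratorIsAllowed() throws Exception {
        // The positive case proves the rejections above come from the permission
        // check and not from a broken route or misconfigured test setup
        String token = getAuthToken(admin.getEmail(), password);
        getClient(token).perform(get(ENDPOINT))
                        .andExpect(status().isOk());
    }
}
```

When reviewing an endpoint's existing tests, the quick check is whether all three of these outcomes are asserted; an endpoint whose tests only exercise the admin path has no coverage of its access control at all.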