Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  •  Run a security scan/analysis of the REST API (e.g. see OWASP list of vulnerability scanning tools or list of free security tools) and report back any discovered potential security issues. (Required expertise: developer / sysadmin / security expert, ideally one who is not yet a DSpace 7 expert)
  •  Run a security scan/analysis of the Angular UI (e.g. see OWASP list of vulnerability scanning tools or list of free security tools) and report back any discovered potential security issues. (Required expertise: developer / sysadmin / security expert, ideally one who is not yet a DSpace 7 expert) 
    • ZAP Analysis of Angular UI run by DSquare Technologies on May 15, 2021 Summary:
      • High Risk Alerts: 0
      • Medium Risk Alerts: 4 (Tim reviewed and these were all false positives & do not have to do with our codebase itself)
      • Low Risk Alerts: 7 (A few minor suggestions here, but 4 other false positives)
  •  Re-analyze all existing Integration Tests to ensure all restricted REST API endpoints include tests which check/verify access permissions on the endpoint.  This analysis may concentrate on endpoints added since March 2020 (see note below). (Required expertise: DSpace 7 core developer)
  •  Analyze/update REST Contract documentation to ensure all endpoints document expected permissions to access that endpoint.  This will simply help ensure our documentation is accurately describing our security checks. (Require expertise: DSpace 7 core developer)