...
- Security Review/Scanning of pre-7.0
- Tasks for Security Review
- Third party to run a security analysis/scan (e.g. see OWASP list of vulnerability scanning tools or list of free security tools) against REST API
- Third party to run a security analysis/scan against Angular UI
- Create a Wiki page on DSpace 7 Security Analysis of what work we've already done. (Reviewed by someone in Leadership)
- Ideally, we build security tests into the Integration Test framework to ensure we are checking permissions at all times
- In March 2020, 4Science did an analysis of existing IT security coverage (as part of DS-4411) here: https://docs.google.com/document/d/13DMZ1iYE04D_6_8lrnHrI0uqKkz5RqMU6tWJMrHv88Y/edit
- An update to this analysis could be performed, concentrating on any new gaps.
- Better document expected permissions for all endpoints in the REST API.
- Other ideas?
- Performance testing of pre-7.0
- Tasks for Performance Testing
- Third party to install/upgrade to DSpace 7 in a dev environment with...
- Large site overall (in terms of number of Items). What to test: overall performance of browsing/searching site.
- Large Community/Collection hierarchy. What to test: browsing Communities/Collections. Test creating a new Community, Collection or Item.
- One Collection with thousands of Items. What to test: browsing/searching within that Collection.
- One item with 100s of Bitstreams. What to test: test viewing/editing that individual Item. Test searching for that Item.
- One item with lots of Authors. What to test: test viewing/editing that individual Item. Test searching for that Item.
- There's also Chris Wilper's JMeter scripts from 2019 which might be able to provide some basic feedback here
- Ideally, it would again be nice to perform this sort of analysis on a more automated/regular basis (perhaps via Integration Tests which load a lot of dummy data?). Other ideas? See DSpace 7 Performance Analysis
Delayed / Needs Discussion
...