You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@fineract.apache.org by "Michael Vorburger (Jira)" <ji...@apache.org> on 2020/05/09 23:59:00 UTC

[jira] [Commented] (FINERACT-969) Run OWASP zaproxy.org against Fineract (e.g. fineract.dev)

    [ https://issues.apache.org/jira/browse/FINERACT-969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17103543#comment-17103543 ] 

Michael Vorburger commented on FINERACT-969:
--------------------------------------------

[~giorgio] did you mean your comment as a suggestion for someone else to do this, or would you be willing to contribute and try this yourself? You could e.g. create sub-tasks under this issue for anything interesting that you find. Actually finding issues could be distributed among a group of volunteers.

> Run OWASP zaproxy.org against Fineract (e.g. fineract.dev)
> ----------------------------------------------------------
>
>                 Key: FINERACT-969
>                 URL: https://issues.apache.org/jira/browse/FINERACT-969
>             Project: Apache Fineract
>          Issue Type: Improvement
>          Components: Security
>            Reporter: Michael Vorburger
>            Priority: Major
>
> [~giorgio] in FINERACT-853 suggested to run [https://www.zaproxy.org|https://www.zaproxy.org] against Fineract.
> That sounds like a Great Idea - and may yield some interesting results and holes worth plugging.
> I this is easier to do against a public server instead of locally, then I hereby offer https://www.fineract.dev for this purpose. As its FAQ says, quote: _"Try to crash our demo - and if you manage, then work with us in the open source project to make the Fineract code more scaleable and reliable!"_ :D



--
This message was sent by Atlassian Jira
(v8.3.4#803005)