[DOCU-218] Documentation Security Audit? Created: 06/Oct/11  Updated: 16/Oct/15  Resolved: 16/Oct/15

Status: Closed
Project: Documentation
Component/s: content
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Neutral
Reporter: Martin Schmid Assignee: Antti Hietala
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

RedHat EL


Attachments: PDF File OWASP Top 10 - 2010.pdf    

 Description   

Is there documentation regarding the security of Magnolia? We need information on the security mechanisms of Magnolia, i.e. an attestation or a certificate.



 Comments   
Comment by Antti Hietala [ 25/Oct/11 ]

Assigned ticket to Documentation.

We don't currently provide a security certificate but will take this under consideration. List here standards and known audits that such a certificate should meet. What format is expected? (statement of compliance, tools and tests to perform an audit yourself, scope)

Related: A document on security best practices (tips) will be available shortly. It is smaller in scope, not a certificate.

Comment by Antti Hietala [ 31/Oct/11 ]

There is no single certificate that would validate a Web application as secure. Security always depends on the environment the system is deployed in. However, some companies validate and document their Web app compliance against the OWASP Top 10 (PDF attached), which is a list of the most critical Web application security risks.
