[DOCU-218] Documentation Security Audit? Created: 06/Oct/11 Updated: 16/Oct/15 Resolved: 16/Oct/15 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | content |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Neutral |
| Reporter: | Martin Schmid | Assignee: | Antti Hietala |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
RedHat EL |
||
| Attachments: |
|
| Description |
|
Is there documentation regarding the security of Magnolia? We need information on the security mechanisms of Magnolia, i.e. an attestation or a certificate. |
| Comments |
| Comment by Antti Hietala [ 25/Oct/11 ] |
|
Assigned ticket to Documentation. We don't currently provide a security certificate but will take this under consideration. List here standards and known audits that such a certificate should meet. What format is expected? (statement of compliance, tools and tests to perform an audit yourself, scope) Related: A document on security best practices (tips) will be available shortly. It is smaller in scope, not a certificate. |
| Comment by Antti Hietala [ 31/Oct/11 ] |
|
There is no single certificate that would validate a Web application as secure. Security always depends on the environment the system is deployed in. However, some companies validate and document their Web app compliance against the OWASP Top 10 (PDF attached), which is a list of the most critical Web application security risks. |