At the Blackhat 2007 conference they ran the "Iron Chef Blackhat" competition. The aim was to find as many security vulnerabilities from a piece of software in 45 minutes as possible. And the software was... JSPWiki 2.4.
While I'm sort of honored to see this little program attracting attention, I'm kinda cringing, too. At the results. The winner found 17 bugs (including 13 XSS vulnerabilities) in 45 minutes. Not a very good track record (For us. Pretty good for him.) But on the other hand, this really is the first time we've had any sort of a security audit from someone who is not a member of the team. So what can I say? The only thing I can: Keep them coming - that's the only way we can build better software.
Now, however, just a minor request: kindly disclose all the issues you find... ;-)
(Nope. But we're getting closer...)
Back to weblog
|"Main_blogentry_080807_1" last changed on 08-Aug-2007 00:27:31 EEST by JanneJalkanen.|