[Vtigercrm-developers] OWASP Top 10

Joe Bordes joe at tsolucio.com
Thu Jan 15 10:44:10 GMT 2015


Thanks all :-)

I'll keep you posted with my findings.

Joe
TSolucio



On 15/01/15 07:54, Prasad wrote:
> We have established an internal security team who are focusing on OWASP 
> Top 10 vulnerability scanning and getting over it (but it is not yet 
> complete).
>
> Upgrading to the latest versions as it gets rolled is essential.
>
> We continue to be sensitive and be more vibrant towards understanding 
> the security issues and finding fixes. It's a pleasure to have many security 
> researchers directly working towards this goal with us.
>
> Please do keep us posted on your findings. Ultimately, keeping the product 
> user and business safe is the key - we respect it very much.
>
> Regards,
> Prasad
>
> --
> FB <http://www.facebook.com/vtiger> I Twit 
> <http://twitter.com/vtigercrm> I LIn 
> <https://www.linkedin.com/company/1270573?trk=tyah> I Blog 
> <https://blogs.vtiger.com> I Website <https://www.vtiger.com/>
>
> On Thu, Jan 15, 2015 at 11:44 AM, Uma S <uma.s at vtiger.com> wrote:
>
>     Hi,
>
>     We are trying to improvise our code from version to version
>     release. You can note that we have implemented MVC architecture in
>     vtiger 6.1.0 which was not completely introduced in vtiger 5.4.
>
>     On Thu, Jan 15, 2015 at 9:36 AM, Hamono, Chris (DPC)
>     <Chris.Hamono at sa.gov.au> wrote:
>
>         I am sorry to be negative Joe, but I doubt anyone has.
>
>         Personally I would only use vtiger behind a firewall. Much of
>         the code is very old, very complicated and possibly vulnerable.
>
>         That's not to say great strides haven't been taken to improve
>         the code. There have been. The fact you have to turn off
>         warnings shows there is a lot of unprotected legacy code.
>
>         Chris
>
>
>         -----Original Message-----
>         From: vtigercrm-developers-bounces at lists.vtigercrm.com
>         [mailto:vtigercrm-developers-bounces at lists.vtigercrm.com] On
>         Behalf Of Joe Bordes
>         Sent: Tuesday, 13 January 2015 9:41 PM
>         To: vtigercrm-developers at lists.vtigercrm.com
>         Subject: [Vtigercrm-developers] OWASP Top 10
>
>         Hi,
>
>         I have a client who is trying to pass the ISO certification
>         and he needs an OWASP Top 10 analysis of vtiger CRM. Has
>         anybody done this before?
>
>         Thanks
>
>         --
>         Regards
>         Joe
>         TSolucio
>
>         _______________________________________________
>         http://www.vtiger.com/
>
>
>     -- 
>     With
>     Best Regards
>     Uma.S
>     Vtiger Team
>


-- 
Regards
Joe
TSolucio
