<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Thanks all :-)<br>
<br>
I'll keep you posted with my findings.<br>
<br>
Joe<br>
TSolucio<br>
<br>
<br>
<br>
On 15/01/15 07:54, Prasad wrote:<br>
</div>
<blockquote
cite="mid:CAMeS7pk+692fQYGfiT9Njok3A3vUgAbiVmAOgbjZJzUZ7nmEtA@mail.gmail.com"
type="cite">
<div dir="ltr">
        <div>We have established an internal security team who are
          focusing on OWASP Top 10 vulnerability scanning and getting
          over it (but it is not yet complete).<br>
</div>
<div><br>
</div>
        <div>Upgrading to the latest versions as they get rolled out is
          essential.<br>
          <br>
          We continue to be sensitive and be more vibrant towards
          understanding the security issues and finding fixes. It's a pleasure
          to have many security researchers directly working towards this
          goal with us.<br>
          <br>
          Please do keep us posted on your findings. Ultimately, keeping
          product users and businesses safe is the key - we respect it very
          much.<br>
<br>
Regards,<br>
Prasad<br>
</div>
<div class="gmail_extra"><br clear="all">
<br>
          <div class="gmail_quote">On Thu, Jan 15, 2015 at 11:44 AM, Uma
            S <span dir="ltr">&lt;<a moz-do-not-send="true"
                href="mailto:uma.s@vtiger.com" target="_blank">uma.s@vtiger.com</a>&gt;</span>
            wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi,
<div><br>
</div>
                <div>We are trying to improvise our code from version to
                  version release. You can note that we have implemented
                  MVC architecture in vtiger 6.1.0 which was not
                  completely introduced in vtiger 5.4.</div>
</div>
<div class="gmail_extra">
<div>
<div class="h5"><br>
                    <div class="gmail_quote">On Thu, Jan 15, 2015 at
                      9:36 AM, Hamono, Chris (DPC) <span dir="ltr">&lt;<a
                          moz-do-not-send="true"
                          href="mailto:Chris.Hamono@sa.gov.au"
                          target="_blank">Chris.Hamono@sa.gov.au</a>&gt;</span>
                      wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0
0 .8ex;border-left:1px #ccc
                        solid;padding-left:1ex">I am sorry to be
                        negative Joe, but I doubt anyone has.<br>
                        <br>
                        Personally I would only use vtiger behind a
                        firewall. Much of the code is very old, very
                        complicated and possibly vulnerable.<br>
                        <br>
                        That's not to say great strides haven't been
                        taken to improve the code. There have been. The
                        fact you have to turn off warnings shows there
                        is a lot of unprotected legacy code.<br>
<br>
Chris<br>
<div>
<div><br>
<br>
-----Original Message-----<br>
From: <a moz-do-not-send="true"
href="mailto:vtigercrm-developers-bounces@lists.vtigercrm.com"
target="_blank">vtigercrm-developers-bounces@lists.vtigercrm.com</a>
[mailto:<a moz-do-not-send="true"
href="mailto:vtigercrm-developers-bounces@lists.vtigercrm.com"
target="_blank">vtigercrm-developers-bounces@lists.vtigercrm.com</a>]
On Behalf Of Joe Bordes<br>
Sent: Tuesday, 13 January 2015 9:41 PM<br>
To: <a moz-do-not-send="true"
href="mailto:vtigercrm-developers@lists.vtigercrm.com"
target="_blank">vtigercrm-developers@lists.vtigercrm.com</a><br>
Subject: [Vtigercrm-developers] OWASP Top 10<br>
<br>
Hi,<br>
<br>
I have a client who is trying to pass the
ISO certification and he needs an OWASP Top
10 analysis of vtiger CRM. Has anybody done
this before?<br>
<br>
Thanks<br>
<br>
--<br>
Un saludo<br>
Joe<br>
TSolucio<br>
<br>
_______________________________________________<br>
<a moz-do-not-send="true"
href="http://www.vtiger.com/"
target="_blank">http://www.vtiger.com/</a><br>
<br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
</div>
</div>
<span class="HOEnZb"><font color="#888888">-- <br>
<div>
<div dir="ltr">With<br>
Best Regards<br>
Uma.S<br>
<div>Vtiger Team</div>
</div>
</div>
</font></span></div>
<br>
</blockquote>
</div>
<br>
</div>
</div>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Un saludo
Joe
TSolucio</pre>
</body>
</html>