
Assuring Security by testing

Question asked by mosipov on May 1, 2008
Hi devs,

I've been investigating Alfresco within my Bachelor's thesis "Application
of security test tools in open source" at the Free University of Berlin
(FU Berlin).
Basically, I am looking for security measures which have been taken to
prevent security leaks/vulnerabilities especially with security test
tools which provide fuzzing capabilities for SQL injection, parameter
tampering, path traversal, XSS etc.

So far, I have searched the repository and the ant build.xml, the homepage/wiki
and the forums. The repo/build.xml revealed a JUnit target. The homepage/Wiki
revealed some very interesting information.

You do have a very extensive QA plan and test plan, additionally you list almost 100 OSS tools for any testing purpose, plus HP QuickTest Pro.
What I am interested to know is: do any of the tools or techniques stated above do any security testing, since 90% of the tools have nothing to do with security?
Have any efforts been taken to utilize them for this? Moreover, there are dedicated security testing tools out there? Was any tool considered? (LAPSE, Wfuzz, Absinthe, just to name a few)

So my point is: Were any measures taken whatsoever to assure security with testing tools,
a special test plan or functional requirements?

Thanks in advance,

Michael
