Home Explore Help
Register Sign In
devn00b
/
EQ2EMu
9
3
Fork 0
Files Issues 59
Tree: a55fda41b5
Branches Tags
EQ2EMu
/
EQ2
/
source
/
depends
/
boost_1_72_0
/
libs
/
beast
/
doc
/
qbk
/
01_intro
/
1a_bishop_fox.qbk

1a_bishop_fox.qbk 2.0 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243 
  1. [/
    2. 

  2.     Copyright (c) 2016-2019 Vinnie Falco (vinnie dot falco at gmail dot com)
    3. 

  3. 

  4.     Distributed under the Boost Software License, Version 1.0. (See accompanying
    5. 

  5.     file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
    6. 

  6. 

  7.     Official repository: https://github.com/boostorg/beast
    8. 

  8. ]
    9. 

  9. 

  10. [section:security_review_bishop_fox Security Review (Bishop Fox) __video__]
    11. 

  11. 

  12. Since 2005, [@https://www.bishopfox.com/ Bishop Fox] has provided
    13. 

  13. security consulting services to the Fortune 1000, high-tech startups,
    14. 

  14. and financial institutions worldwide.
    15. 

  15. Beast engaged Bishop Fox to assess the security of the Boost C++ Beast HTTP/S
    16. 

  16. networking library. The following report details the findings identified during
    17. 

  17. the course of the engagement, which started on September 11, 2017.
    18. 

  18. 

  19. The assessment team conducted a hybrid application assessment of the Beast
    20. 

  20. library. Bishop Fox’s hybrid application assessment methodology leverages
    21. 

  21. the real-world attack techniques of application penetration testing in
    22. 

  22. combination with targeted source code review to thoroughly identify
    23. 

  23. application security vulnerabilities. These fullknowledge assessments
    24. 

  24. begin with automated scans of the deployed application and source code.
    25. 

  25. Next, analyses of the scan results are combined with manual review to
    26. 

  26. thoroughly identify potential application security vulnerabilities. In
    27. 

  27. addition, the team performs a review of the application architecture and
    28. 

  28. business logic to locate any design-level issues. Finally, the team performs
    29. 

  29. manual exploitation and review of these issues to validate the findings.
    30. 

  30. 

  31. [@https://vinniefalco.github.io/BeastAssets/Beast%20-%20Hybrid%20Application%20Assessment%202017%20-%20Assessment%20Report%20-%2020171114.pdf [*Beast - Hybrid Application Assessment 2017]]
    32. 

  32. 

  33. [/ "Securing Boost.Beast: A Non-Traditional Source Code Review"]
    34. 

  34. '''
    35. 

  35. <mediaobject>
    36. 

  36.   <videoobject>
    37. 

  37.     <videodata fileref="https://www.youtube.com/embed/4TtyYbGDAj0?rel=0"
    38. 

  38.       align="center" contentwidth="560" contentdepth="315"/>
    39. 

  39.   </videoobject>
    40. 

  40. </mediaobject>
    41. 

  41. '''
    42. 

  42. 

  43. [endsect]
    44.