12345678910111213141516171819202122232425262728293031323334353637383940414243 |
- [/
- Copyright (c) 2016-2019 Vinnie Falco (vinnie dot falco at gmail dot com)
- Distributed under the Boost Software License, Version 1.0. (See accompanying
- file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
- Official repository: https://github.com/boostorg/beast
- ]
- [section:security_review_bishop_fox Security Review (Bishop Fox) __video__]
- Since 2005, [@https://www.bishopfox.com/ Bishop Fox] has provided
- security consulting services to the Fortune 1000, high-tech startups,
- and financial institutions worldwide.
- Beast engaged Bishop Fox to assess the security of the Boost C++ Beast HTTP/S
- networking library. The following report details the findings identified during
- the course of the engagement, which started on September 11, 2017.
- The assessment team conducted a hybrid application assessment of the Beast
- library. Bishop Fox’s hybrid application assessment methodology leverages
- the real-world attack techniques of application penetration testing in
- combination with targeted source code review to thoroughly identify
- application security vulnerabilities. These fullknowledge assessments
- begin with automated scans of the deployed application and source code.
- Next, analyses of the scan results are combined with manual review to
- thoroughly identify potential application security vulnerabilities. In
- addition, the team performs a review of the application architecture and
- business logic to locate any design-level issues. Finally, the team performs
- manual exploitation and review of these issues to validate the findings.
- [@https://vinniefalco.github.io/BeastAssets/Beast%20-%20Hybrid%20Application%20Assessment%202017%20-%20Assessment%20Report%20-%2020171114.pdf [*Beast - Hybrid Application Assessment 2017]]
- [/ "Securing Boost.Beast: A Non-Traditional Source Code Review"]
- '''
- <mediaobject>
- <videoobject>
- <videodata fileref="https://www.youtube.com/embed/4TtyYbGDAj0?rel=0"
- align="center" contentwidth="560" contentdepth="315"/>
- </videoobject>
- </mediaobject>
- '''
- [endsect]
|