44 lines
2.0 KiB
Plaintext
44 lines
2.0 KiB
Plaintext
[/
|
||
Copyright (c) 2016-2019 Vinnie Falco (vinnie dot falco at gmail dot com)
|
||
|
||
Distributed under the Boost Software License, Version 1.0. (See accompanying
|
||
file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
|
||
|
||
Official repository: https://github.com/boostorg/beast
|
||
]
|
||
|
||
[section:security_review_bishop_fox Security Review (Bishop Fox) __video__]
|
||
|
||
Since 2005, [@https://www.bishopfox.com/ Bishop Fox] has provided
|
||
security consulting services to the Fortune 1000, high-tech startups,
|
||
and financial institutions worldwide.
|
||
Beast engaged Bishop Fox to assess the security of the Boost C++ Beast HTTP/S
|
||
networking library. The following report details the findings identified during
|
||
the course of the engagement, which started on September 11, 2017.
|
||
|
||
The assessment team conducted a hybrid application assessment of the Beast
|
||
library. Bishop Fox’s hybrid application assessment methodology leverages
|
||
the real-world attack techniques of application penetration testing in
|
||
combination with targeted source code review to thoroughly identify
|
||
application security vulnerabilities. These fullknowledge assessments
|
||
begin with automated scans of the deployed application and source code.
|
||
Next, analyses of the scan results are combined with manual review to
|
||
thoroughly identify potential application security vulnerabilities. In
|
||
addition, the team performs a review of the application architecture and
|
||
business logic to locate any design-level issues. Finally, the team performs
|
||
manual exploitation and review of these issues to validate the findings.
|
||
|
||
[@https://vinniefalco.github.io/BeastAssets/Beast%20-%20Hybrid%20Application%20Assessment%202017%20-%20Assessment%20Report%20-%2020171114.pdf [*Beast - Hybrid Application Assessment 2017]]
|
||
|
||
[/ "Securing Boost.Beast: A Non-Traditional Source Code Review"]
|
||
'''
|
||
<mediaobject>
|
||
<videoobject>
|
||
<videodata fileref="https://www.youtube.com/embed/4TtyYbGDAj0?rel=0"
|
||
align="center" contentwidth="560" contentdepth="315"/>
|
||
</videoobject>
|
||
</mediaobject>
|
||
'''
|
||
|
||
[endsect]
|