Uploaded image for project: 'Apache Fineract'
  1. Apache Fineract
  2. FINERACT-969

Run OWASP zaproxy.org against Fineract (e.g. fineract.dev)

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • Security
    • None

    Description

      giorgio in FINERACT-853 suggested to run https://www.zaproxy.org against Fineract.

      That sounds like a Great Idea - and may yield some interesting results and holes worth plugging.

      I this is easier to do against a public server instead of locally, then I hereby offer https://www.fineract.dev for this purpose. As its FAQ says, quote: "Try to crash our demo - and if you manage, then work with us in the open source project to make the Fineract code more scaleable and reliable!"

      Attachments

        1. wuifineract2.html
          648 kB
          Giorgio Zoppi
        2. wuifineract.html
          854 kB
          Giorgio Zoppi
        3. fineract-url-clicked.txt
          10 kB
          Joseph Makara
        4. fineract-api-SQLi-scan.html
          296 kB
          Joseph Makara

        Issue Links

          blocks

          Improvement - An improvement or enhancement to an existing feature or task. FINERACT-865 Strengthen/Harden Fineract 1.x to LTS Version by Upgrading Java & Improving Code Coverage of Tests

          • Major - Major loss of function.
          • Closed
          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. FINERACT-879 Refine overly permissive Cross-Origin Resource Sharing (CORS) policy

          • Critical - Crashes, loss of data, severe memory leak.
          • Open
          is part of

          Bug - A problem which impairs or prevents the functions of the product. FINERACT-1306 Reporting meta-data entry not found - All reports modules

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. FINERACT-1338 SQL Injection - While "runreports" api is trying to load report parameters

          • Major - Major loss of function.
          • Closed
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. FINERACT-967 lgtm.com Security Vulnerability Assessment Scanning

          • Major - Major loss of function.
          • Closed
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. FINERACT-854 Use prepared statements instead of string concatenated SQL everywhere

          • Major - Major loss of function.
          • In Progress

          Improvement - An improvement or enhancement to an existing feature or task. FINERACT-988 Snyk.io Security Vulnerability Assessment Scanning

          • Major - Major loss of function.
          • Closed

          Activity

            People

              josemakara Joseph Makara
              vorburger Michael Vorburger
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: