boostorg/beast
1
0
Fork 1
mirror of https://github.com/boostorg/beast.git synced 2025-07-30 12:57:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update reports for hybrid assessment

Browse Source
This commit is contained in:
Vinnie Falco
2017-12-01 12:11:41 -08:00
parent e2b473753b
commit 1b86bc3c36
2 changed files with 28 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -3,6 +3,7 @@
Version 148: Version 148:
* Install codecov on codecov CI targets only * Install codecov on codecov CI targets only
* Update reports for hybrid assessment
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------

29
doc/qbk/01_intro.qbk
View File

@ -101,7 +101,32 @@ for tirelessly answering questions on
[section Reports] [section Reports]
[block'''<?dbhtml stop-chunking?>'''] [block'''<?dbhtml stop-chunking?>''']
[section WebSocket] [section Security Review (Bishop Fox)]
Since 2005, [@https://www.bishopfox.com/ Bishop Fox] has provided
security consulting services to the Fortune 1000, high-tech startups,
and financial institutions worldwide.
Beast engaged Bishop Fox to assess the security of the Boost C++ Beast HTTP/S
networking library. The following report details the findings identified during
the course of the engagement, which started on September 11, 2017.
The assessment team conducted a hybrid application assessment of the Beast
library. Bishop Foxs hybrid application assessment methodology leverages
the real-world attack techniques of application penetration testing in
combination with targeted source code review to thoroughly identify
application security vulnerabilities. These fullknowledge assessments
begin with automated scans of the deployed application and source code.
Next, analyses of the scan results are combined with manual review to
thoroughly identify potential application security vulnerabilities. In
addition, the team performs a review of the application architecture and
business logic to locate any design-level issues. Finally, the team performs
manual exploitation and review of these issues to validate the findings.
[@https://vinniefalco.github.io/BeastAssets/Beast%20-%20Hybrid%20Application%20Assessment%202017%20-%20Assessment%20Report%20-%2020171114.pdf [*Beast - Hybrid Application Assessment 2017]]
[endsect]
[section WebSocket (Autobahn|Testsuite)]
The The
[@https://github.com/crossbario/autobahn-testsuite Autobahn WebSockets Testsuite] [@https://github.com/crossbario/autobahn-testsuite Autobahn WebSockets Testsuite]
@ -114,7 +139,7 @@ verification and performance and limits testing.
Autobahn|Testsuite is used across the industry and Autobahn|Testsuite is used across the industry and
contains over 500 test cases. contains over 500 test cases.
[@https://vinniefalco.github.io/boost/beast/reports/autobahn/index.html [*Autobahn|Testsuite WebSocket Results]] [@https://vinniefalco.github.io/BeastAssets/reports/autobahn/index.html [*Autobahn|Testsuite WebSocket Results]]
[warning [warning
Version 0.7.6 of Autobahn|Testsuite contains a Version 0.7.6 of Autobahn|Testsuite contains a