WebLion/Plone Security: We're Solid
A comprehensive scan for security vulnerabilities, carried out in cooperation with ITS Security Operations and Services and WebLion partner College of Information Sciences and Technology, shows that, when properly installed, WebLion/Plone/Zope is a secure Web platform.
Security Operations and Services (SOS) is using AppScan, a sophisticated scanning and reporting application, to check Web-based applications in the psu.edu domain for security vulnerabilities. Typical vulnerabilities that are tested include SQL injection, cross-site scripting, cookie hijacking and other nefarious attack strategies.
The results demonstrate that a properly installed instance of WebLion does not expose any known security vulnerabilities. The qualification that the site be properly installed is crucial. Without Penn State's authorization infrastructure in place (a crucial piece of WebLion), and without careful configuration of the server and associated applications like Apache, you will in fact undermine the security of a WebLion site deployment and expose your network to great risk.
The WebLion team will continue to work with SOS to regularly scan WebLion-based Web sites, new functional enhancements, Plone updates and third-party add-on applications for Plone. Our goal is to maintain the high level of security that Plone and WebLion developers have built into their products.
We encourage everyone who manages dynamic Web sites at Penn State to request a security scan.