Security Audit of Redmine
Added by Bernd May over 14 years ago
Hey, I am fairly new to web app deployment but one issue just keeps nagging at me since I began with redmine in our corporate network. We have to enable some sort of public access from the big evil net and all the weird, mad and evil people out there and it pains me to do so without at least a little security testing.
Before I do so and start to dig into the wonderful world of web app security testing tools, I would like to know, if anyone has already security tested. If you did, with what, how and what were your results?
I will, probably during the next days try my first steps with google skipfish and then share my results and would be thankful for any replies
regards
Bernd
Replies (1)
RE: Security Audit of Redmine - Added by Eric Davis over 14 years ago
I have done several security audits on Redmine as well as talked with people who have also done some. You are welcome to do your own audit, there is a Ruby on Rails Guide for Security that should get you started.
If you think you found something, please use our submitting a security bug process so we can make sure to handle them safely.
Thanks.
Eric Davis