Home
Exported

TOLOGIX - ISLG Maintenance

Project dealing with all ongoing maintenance of the current ISLG application (www.investorstatelawguide.com and dev.investorstatelawguide.com).
Laura Mindorff, COO at IndustrialHarsh Parikh, Tech Lead at DevITMelissa Cowell, General Manager at IndustrialJeff Horne, CEO at IndustrialMonica Martinez, MonolabMarysia RaptisPaul MoonIrit WeinfeldNafiseh Arghandehpour, Legal Content Manager at ISLGKetan Sondarva, Technical Project Manager at DevITMartin Laporte, CTO at TologixSharmila Srikanth, Quality Assurance Engineer at TologixKishan Badri, Strategic Account Manager at TologixSéverine Beaudet, Senior Legal Content Manager at TologixGary López Vélez, Junior Legal Content Manager at Tologix +4 others
From the list: Security - Development

Execute OWASP follow-up scan

Ryan K. added this on
Completed by Morgan M.
Assigned to
Ryan Knuth, Customer Support Manager at Industrial Ryan K.

Comments & Events

Morgan Maguire, CEO Morgan Maguire, CEO
Thanks Ryan Knuth, Customer Support Manager at Industrial Ryan .

Anil Vaghela Anil , please review the above, and see if there is any immediate fixes we can make to resolve the issues identified in the report, particularly those that are at a high risk level. For more complicated issues, we can start creating individual to-do's to address them.

Also, if it would be easier to address an issue as part of the application rebuild scheduled for later this year, please identify the issue as such, and we'll mark it as something that we'll address as part of that process.

Thanks,

Morgan
Notified 5 people
Morgan Maguire, CEO Morgan Maguire, CEO
Hi Ryan Knuth, Customer Support Manager at Industrial Ryan ,

Now that all the outstanding maintenance to-do's are complete. Could you run another security scan to get updated list of security issues we need to address.

Thanks,

Morgan
Notified 5 people
Ryan Knuth, Customer Support Manager at Industrial Ryan Knuth, Customer Support Manager
Hi Morgan,

I started the scan yesterday and it's still running. It will take some time as I've purposefully lowered the intensity of the scanning and "attacks" to not affect server performance. I'll post the results here when they are completed.

Thanks!

Ryan
Notified 5 people
Morgan Maguire, CEO Morgan Maguire, CEO
Sounds good Ryan Knuth, Customer Support Manager at Industrial Ryan

Thanks,

Morgan 
Notified 5 people
Morgan Maguire, CEO Morgan Maguire, CEO
Hi Ryan Knuth, Customer Support Manager at Industrial Ryan ,

Did you manage to get the security scan complete?

Morgan 
Notified 5 people
Ryan Knuth, Customer Support Manager at Industrial Ryan Knuth, Customer Support Manager
Hi all,

I was finally able to get the scan to complete on a dedicated Windows machine over the weekend (which resulted in all of those email submissions - sorry again). Please find attached the report. I recommend we work from High down like we did last time.

Thanks!

Ryan
ZAP Scanning Report-13-11-18.pdf 514 KB • Download
Notified 5 people
Morgan Maguire, CEO Morgan Maguire, CEO
Great. Thanks Ryan Knuth, Customer Support Manager at Industrial Ryan . Glad to hear you were able to get a successful scan. To ensure these issues are properly tracked. Would it be possible for you to create a new to-do's dealing with each issue identified in the report, and we'll start working through them?

Also, Harsh Parikh, Tech Lead at DevIT Harsh , could you please ensure that the automated emails are restored on dev.islg now that the scan is complete.

Thanks,

Morgan
Notified 5 people
Ryan Knuth, Customer Support Manager at Industrial Ryan Knuth, Customer Support Manager
Hi Harsh Parikh, Tech Lead at DevIT Harsh and Morgan Maguire, CEO Morgan  

I've split the High > Medium issues from the report into their own to-dos. I've also attached an HTML view of the report which seems easier to use than the PDF and doesn't cut off any of the test parameters. Let's working High > Medium and after those are completed we can discuss whether or not the Low items need to be addressed.

Thanks!

Ryan

dev-islg.html 189 KB • Download
Notified 5 people
Morgan Maguire, CEO Morgan Maguire, CEO
Hi Ryan Knuth, Customer Support Manager at Industrial Ryan ,

Thank you for creating the necessary to-do's.

Harsh Parikh, Tech Lead at DevIT Harsh , as Ryan Knuth, Customer Support Manager at Industrial Ryan has suggested let's starting work through the high to medium to-do's. Also, if resolving any of these to-do's requires altering the system in a way that will affect with the front-end UX, please let us know, and we'll discuss how to proceed. I don't want us to do anything that adversely affects the user experience without proper consultation first.

Thanks,

Morgan 
Notified 5 people
Harsh Parikh, Tech Lead at DevIT Harsh Parikh, Tech Lead
Hi Morgan Maguire, CEO Morgan and Ryan Knuth, Customer Support Manager at Industrial Ryan ,

We are start looking in to the High issues and will update you soon.
Notified 5 people
Morgan Maguire, CEO Morgan Maguire, CEO
Great. Thanks Harsh Parikh, Tech Lead at DevIT Harsh .

Morgan 
Notified 5 people
Morgan Maguire, CEO
Morgan Maguire completed this to-do.