1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

External Security Check

Discussion in 'XenForo Pre-Sales Questions' started by mra0, Oct 27, 2010.

  1. mra0

    mra0 Member

    Does xenforo go through any type of external/3rd party security check?
     
  2. ManagerJosh

    ManagerJosh Well-Known Member

    what kind of third-party/external audit are you looking for?? Against XSS attacks? SQL Injections? An audit can go any number of ways.
     
  3. Floris

    Floris Guest

    A good company would have an array of audits to go through, remote testing, internal scanning, manually glancing over code, and running specialized softwares. etc.

    At XenFans we've run a Google RatProxy for a month, while using the alpha, and found one issue which was due to jQuery converting things back in regards to html entities so xss was possible if you had moderator access with access to inline moderation, but that was it. Other reported things were all insignificant warnings.

    I will dump the many gigabyte of data to a report.html soon since we stopped running it when beta2 came out. And mail it to Kier for review.
     
    Kier likes this.

Share This Page