Hi ABP team,
We have to pass SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tests.
SAST analyzes the source code of the application to find flaws, while DAST examines a running application from an external perspective to detect vulnerabilities.
Right now we have only executed the SAST tests, and we saw some vulnerabilities related to the framework and deployment code. I am sharing those findings with you; I hope it helps to enhance the framework security (note: rename the png file to html to see the report):
Once we execute the DAST tests, I can share with you the results as well.
This is the solution configuration:
- Template: app
- Created ABP Studio Version: 0.9.23
- Current ABP Studio Version: 0.9.25
- Tiered: Yes
- Multi-Tenancy: Yes
- UI Framework: blazor-server
- Theme: leptonx
- Theme Style: system
- Run Install Libs: Yes
- Database Provider: mongodb
- Run Db Migrator: Yes
- Mobile Framework: none
- Public Website: No
- Include Tests: Yes
- Kubernetes Configuration: Yes
- Distributed Event Bus: none
- Use Local References: No
- Optional Modules:
  - TextTemplateManagement
  - LanguageManagement
  - AuditLogging
  - OpenIddictAdmin
2 Answer(s)
-
0
Hi, by any chance, can you please share the test results via email (to support@abp.io and specify the ticket number, please)?
This way, we can directly get the test results and evaluate them.
-
0
Thanks for sharing the test via email. We got your mail and we will evaluate it.