Security checks, reviews, and fitness functions (FOLIO-3582)

[FOLIO-3868] Run OWASP Zed Attack Proxy (ZAP) against Orchid
Created: 03/Aug/23
Updated: 17/Aug/23

Status: Open
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None
Parent: Security checks, reviews, and fitness functions

Type: Story
Priority: P3
Reporter: Craig McNally
Assignee: Unassigned
Resolution: Unresolved
Votes: 0
Labels: security, security-reviewed
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
  • defines FOLIO-3583 OWASP Zed Attack Proxy (ZAP) (Open)
Sprint:
Development Team: None
Epic Link: Security checks, reviews, and fitness functions
RCA Group: TBD

Description

Overview

While FOLIO has used the OWASP ZAP tool in the past, it was a long time ago, and the sentiment among the Security Team is that we can likely get more out of ZAP.

We ran this a while back against Morning Glory Bugfest. Details can be found here: _________________.

Acceptance Criteria

  • Scan findings are documented and shared with the Security team
  • User stories are created/updated with details and/or references to existing or newly generated documentation

Generated at Thu Feb 08 23:31:23 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.