Please login or register to access secure site features.

Note: By continuing to use DevConnect Program Services you agree to our latest Registered Member Terms.

Sign in using DevConnect ID

Forgot password?

Trouble logging in?

Submit a ticket for Registration Support.

I have an SSO ID

?
sign in

Don't have a DevConnect or SSO ID ?

Create a DevConnect account or join the program.

register now
^
New DevConnect members must have forum permissions in order to post messages.
If the Reply and New Post buttons are not available to you, please request access using a General Support request ticket.
Forum Index » Avaya Client SDK - General » Tests for vulnerabilities of SDK   XML
 
Author Message
DmitrySenashenko3



Joined: 28/08/2019 14:43:10
Messages: 59
Offline

Hello, I was asked by a customer as for subj.
Does somebody has any ideas or info?
I understand SDK can have vulnerabilities. It is possible.
Obviously need to do some tests before it's release. I agree. Because possible SDK developer could do some stupid mistake. Why not?
So somebody should do some tests before release as for at least easiest tests for DOS attack and other vulnerabilities.

Did somebody have some experience about this? Could you share it?

Best regards, Dmitry
ware16.avaya.com



Joined: 23/09/2019 00:26:26
Messages: 74
Offline

Hi Dmitry,

Client SDK does all kinds of regression and sanity before releasing it to the customer.

Can you please let us know if you found any issues?
What kind of vulnerability testing you are expecting?
Which platform you are using?

Can you please answer the above questions to help you in a better way?

Thanks,
Avaya DevConnect Team.
JohnBiggs



Joined: 20/06/2005 14:06:52
Messages: 883
Location: Thornton, CO
Offline

Any software can have vulnerabilities. There are various vendors in the market that specialize in vulnerability scanning software
https://www.google.com/search?q=tools+to+scan+software+for+vulnerabilities&rlz=1C1GCEA_enUS878US878&ei=9tQWYZ_IOKyu5NoP-MuiwAU&oq=tools+to+scan+software+for+vulnerabilities&gs_lcp=Cgdnd3Mtd2l6EAMyBQgAEM0CMgUIABDNAjIFCAAQzQIyBQgAEM0COgcIABBHELADOgQIABANOggIABAIEAcQHjoICAAQCBANEB46BQgAEIYDSgQIQRgAUJoZWMAjYPA4aAFwAngAgAG2AYgByQqSAQQwLjEwmAEAoAEByAEIwAEB&sclient=gws-wiz&ved=0ahUKEwifm9OY6q7yAhUsF1kFHfilCFgQ4dUDCA4&uact=5&safe=active&ssui=on

Of course any scan can have false positives that need tracked down and a determination made as to actual risk.

This isn't really a question related to APIs or Avaya products, the vendors that the Google search identified have similar forums and content related to how to, why, what to look out for, etc that should be used. Scanning Avaya software should be treated similarly to scanning any vendor's software solutions.

Beyond that, what type of information about vulnerability scanning are you looking for?

This message was edited 1 time. Last update was at 13/08/2021 15:29:01

[WWW]
 
 
Go to: