Comment: Add about upload

...

For HTTP headers: https://cyh.herokuapp.com/cyh. This page gives more information: How to Secure HTTP Headers

File Upload

Since OFBIZ-12080, the uploads are secured in OFBiz.
For your own safety in production, you might be interested in https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF

Penetration tools

There are web-oriented tools like OWASP Zed Attack Proxy, BeEF or IBM Security AppScan. But most of the time they are too general, and fully parsing OFBiz can take a lot of time or be quite a challenge if done manually. You can find more penetration tools here.

...