SecurityDriven.NET is a resource to highlight many challenges, misperceptions, and false assumptions of producing secure, implementationally correct .NET solutions.
This report documents a penetration test and code audit of the SecurityDriven.Inferno library. The assessment was performed by two members of the Cure53 team in the second half of September 2016 and yielded only seven rather low-risk findings.
As for the test approach, the investigated library is available as open source. Therefore, the audited code was taken from the public GitHub repository of the product, with the details listed below under “Scope”. Since SecurityDriven.Inferno boasts a small size and compact design, the entirety of the code was put in scope by the library’s maintainer and received complete coverage during this two-day assessment. The tests proceeded smoothly and the communication between the Cure53 team and the SecurityDriven.Inferno maintainer was fast and fruitful, leading to the reported issues being fixed quickly and in an appropriate manner.
The full audit and summary of findings can be found below.