We are developing a web application on Cuba that will be public facing. One of our customers is concerned with penetration testing our application. Has Haulmont or anyone else used a third party pen testing vendor or software for a Cuba-based application?
I understand that web application firewalls can be used to protect a network from attacks on web applications. Any experience or suggestions for a specific one?
Any recommendations are appreciated. Thank you!
Here at Haulmont, we didn’t perform pentesting of CUBA web UI. Some of our clients tested public-facing portals of their applications, but it’s not that interesting and unfortunately I cannot disclose the company names without their permit.
If you have any specific concerns or results of pentesting, please let us know.
We’ve done a penetration test (white box) on our public facing application and found no problems.
Obviously, it is not only the CUBA platform/application that was in scope for the penetration test but the full deployment stack (Ubuntu/Docker etc.). Such systems need hardening to stand a penetration test.
Hope it helps you forward.