Pen testing guidance


We are developing a web application on Cuba that will be public facing. One of our customers is concerned with penetration testing our application. Has Haulmont or anyone else used a third party pen testing vendor or software for a Cuba-based application?

I understand that web application firewalls can be used to protect a network from attacks on web applications. Any experience or suggestions for a specific one?

Any recommendations are appreciated. Thank you!

Hi Matt,

Here at Haulmont, we didn’t perform pentesting of the CUBA web UI. Some of our clients tested public-facing portals of their applications, but it’s not that interesting and unfortunately I cannot disclose the company names without their permission.

If you have any specific concerns or results of pentesting, please let us know.

We’ve done a penetration test (white box) on our public-facing application and found no problems.

Obviously, it is not only the CUBA platform/application that was in scope for the penetration test but the full deployment stack (Ubuntu/Docker etc.). Such systems need hardening to stand a penetration test.

Hope it helps you forward.
