Message Boards

Solving OWASP security vulnerabilities in Liferay 6.0.x

Updated 7 years ago by Ionut Negoita.

New Member, Posts: 10, Join Date: 12/08/27, Recent Posts
Hi guys,

I see a lot of topics out there regarding cookies and either the HttpOnly flag or the Secure flag. Besides these 2 issues that are considered security vulnerabilities, there are also some missing headers which present vulnerabilities like:

X-Frame-Options Header Not Set
Web Browser XSS Protection Not Enabled
X-Content-Type-Options Header Missing

I have successfully implemented fixes for all these issues and even passed through a security audit verifying the implementation.


Basically you need to create a new filter and add it to the stack of Liferay filters.
Here's a detailed description of how to do this: Solving OWASP security vulnerabilities in Liferay 6.0.x

I would love to hear comments from you guys, maybe if I'm missing something or if you have any questions.

Kindest regards,
John (@codingdudecom)
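The filter described in the post, written out as an added example (my own code, not the code from the linked article or from Liferay itself). It assumes only the standard javax.servlet API of the Servlet 2.5 containers Liferay 6.0.x runs on; the class and wrapper names are mine, and the filter is assumed to be mapped in web.xml ahead of Liferay's own filters.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter, not Liferay's own code: sets the three headers from the
// post and forces HttpOnly (and Secure over HTTPS) on every cookie the portal
// writes. Servlet 2.5 (Liferay 6.0.x era) has no Cookie.setHttpOnly(), so
// cookies are rewritten as raw Set-Cookie headers instead.
public class SecurityHeadersFilter implements Filter {
    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse resp = (HttpServletResponse) res;
        resp.setHeader("X-Frame-Options", "SAMEORIGIN");      // clickjacking
        resp.setHeader("X-XSS-Protection", "1; mode=block");   // browser XSS filter
        resp.setHeader("X-Content-Type-Options", "nosniff");   // no MIME sniffing
        chain.doFilter(req, new CookieFlagResponse(resp, req.isSecure()));
    }
    // Response wrapper that appends the cookie flags on every write path.
    static class CookieFlagResponse extends HttpServletResponseWrapper {
        private final boolean secure;
        CookieFlagResponse(HttpServletResponse r, boolean secure) {
            super(r);
            this.secure = secure;
        }
        @Override public void addCookie(Cookie c) {
            StringBuilder sb = new StringBuilder(c.getName()).append('=').append(c.getValue());
            if (c.getPath() != null) sb.append("; Path=").append(c.getPath());
            if (c.getDomain() != null) sb.append("; Domain=").append(c.getDomain());
            if (c.getMaxAge() >= 0) sb.append("; Max-Age=").append(c.getMaxAge());
            super.addHeader("Set-Cookie", flag(sb.toString()));
        }
        @Override public void addHeader(String name, String value) {
            super.addHeader(name, "Set-Cookie".equalsIgnoreCase(name) ? flag(value) : value);
        }
        @Override public void setHeader(String name, String value) {
            super.setHeader(name, "Set-Cookie".equalsIgnoreCase(name) ? flag(value) : value);
        }
        // Idempotent: never duplicates a flag that is already present.
        private String flag(String cookie) {
            String lower = cookie.toLowerCase();
            if (!lower.contains("; httponly")) cookie += "; HttpOnly";
            if (secure && !lower.contains("; secure")) cookie += "; Secure";
            return cookie;
        }
    }
}
```

The container's own session cookie (JSESSIONID) is usually written by the container rather than through this wrapper, so its HttpOnly flag has to be enabled in the container's configuration (for example Tomcat's useHttpOnly context attribute) and verified separately in the audit.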
Updated 7 years ago by David H Nebinger.

RE: Solving OWASP security vulnerabilities in Liferay 6.0.x

Liferay Legend, Posts: 14916, Join Date: 06/09/02, Recent Posts
Thanks for the info.

6.0 is quite a bit dated; have you considered upgrading to a newer version that supports all of the new browsers?
Updated 7 years ago by Ionut Negoita.

RE: Solving OWASP security vulnerabilities in Liferay 6.0.x

New Member, Posts: 10, Join Date: 12/08/27, Recent Posts
Hi David,

Yes, it is outdated, and we did try to upgrade to Liferay 7. I've seen your article about OSGi modules and added a comment and another forum topic regarding the challenges we had with that. Bottom line is that we stopped trying to do that since it was becoming too expensive for us considering we did not get very far.
Probably an attempt to upgrade to version 6.2 should have been the course.
Updated 7 years ago by David H Nebinger.

RE: Solving OWASP security vulnerabilities in Liferay 6.0.x

Liferay Legend, Posts: 14916, Join Date: 06/09/02, Recent Posts
6.2 will bring you forward, certainly, and these OWASP issues may already be resolved.

LR7 migration is going to be challenging for all of us because of the underlying and significant changes. We're all in the same boat there, so we're all learning the ropes at the same time, Ionut.

Don't give up, though; I'm sure you can make the change work...