Remove outdated security tool development section
The security SIG hasn't maintained the two projects listed under the "Security tool development" section in quite a while. This change removes the section entirely since the information it has is no longer relevant to the security SIG.

Change-Id: I49aee997751b2b4f7ca6e879883a85c56087c0a1
parent 0e4118d19e
commit d4785ae6fd
|
@ -222,56 +222,3 @@ information. Specifically, they are responsible for the following functions:
|
||||||
researchers who responsibly report issues in OpenStack.
|
researchers who responsibly report issues in OpenStack.
|
||||||
|
|
||||||
See :doc:`vmt-process` for details on our open process.
|
See :doc:`vmt-process` for details on our open process.
|
||||||
|
|
||||||
|
|
||||||
Security tool development
|
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
|
|
||||||
The Security project are constantly looking at ways to introduce tooling and
|
|
||||||
automation to improve the overall security of OpenStack projects. Some of these
|
|
||||||
projects are outlined below.
|
|
||||||
|
|
||||||
Bandit - static analysis for Python
|
|
||||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
||||||
|
|
||||||
Bandit is a security static analysis tool for Python source code, utilizing the
|
|
||||||
ast module from the Python standard library. The **ast** module is used to
|
|
||||||
convert source code into a parsed tree of Python syntax nodes. Bandit allows
|
|
||||||
users to define custom tests that are performed against those nodes. At the
|
|
||||||
completion of testing, a report is generated that lists security issues
|
|
||||||
identified within the target source code.
|
|
||||||
|
|
||||||
Bandit is currently a stand-alone tool which can be downloaded by end-users and
|
|
||||||
run against arbitrary source code. Although early in development it is already
|
|
||||||
adding value to the OpenStack code base with several projects leveraging it
|
|
||||||
in their CI gate tests. As the project matures the desire is to see widespread
|
|
||||||
adoption of Bandit in the OpenStack community.
|
|
||||||
|
|
||||||
Bandit can be obtained by cloning the `repository <https://git.openstack.org/openstack/bandit.git>`_.
|
|
||||||
The README.rst file contains documentation regarding installation, usage,
|
|
||||||
and configuration.
|
|
||||||
|
|
||||||
* `Bandit Git Repository <https://git.openstack.org/cgit/openstack/bandit>`_
|
|
||||||
* `Bandit Gerrit <https://review.openstack.org/#/q/bandit,n,z>`_
|
|
||||||
* `Bandit Launchpad <https://bugs.launchpad.net/bandit>`_
|
|
||||||
|
|
||||||
Syntribos - Python API security testing tool
|
|
||||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
||||||
|
|
||||||
Syntribos is an open source automated API security testing tool that is
|
|
||||||
maintained by members of the `OpenStack Security Project <https://wiki.openstack.org/wiki/Security>`_.
|
|
||||||
|
|
||||||
Given a simple configuration file and an example HTTP request, syntribos
|
|
||||||
can replace any API URL, URL parameter, HTTP header and request body
|
|
||||||
field with a given set of strings. Syntribos iterates through each position
|
|
||||||
in the request automatically. The tool aims to automatically detect common
|
|
||||||
security defects such as SQL injection, LDAP injection, buffer overflow, etc.
|
|
||||||
In addition, it can be used to help identify new security defects
|
|
||||||
by automated fuzzing.
|
|
||||||
|
|
||||||
Syntribos can be installed directly from `pypi with pip <https://pypi.python.org/pypi/pip>`_.
|
|
||||||
|
|
||||||
* `Syntribos developer documentation <http://docs.openstack.org/developer/syntribos/>`_
|
|
||||||
* `Syntribos Git Repository <https://git.openstack.org/cgit/openstack/syntribos>`_
|
|
||||||
* `Syntribos Gerrit <https://review.openstack.org/#/q/syntribos,n,z>`_
|
|
||||||
* `Syntribos Launchpad <https://bugs.launchpad.net/syntribos>`_
|
|
||||||
|
|
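Review bot: deleting the whole section also removes two section titles, "Security tool development", "Bandit - static analysis for Python" and "Syntribos - Python API security testing tool", that other pages in this doc tree may target with :ref: or toctree entries; please confirm the Sphinx build runs clean (no "undefined label" or missing-document warnings) after this change. Since the hunk shrinks the file from 56 lines to 3 at this point (context "See :doc:`vmt-process` for details on our open process." is now the tail of the file), also check that no more than one trailing blank line survives. If the SIG still wants readers to find Bandit and Syntribos, a one-line pointer to their current homes would be a reasonable replacement for the removed link lists, but that can be a follow-up.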