mirror of https://github.com/MISP/misp-website
chg: [blog] markdown is markdown
parent
d226fffb1b
commit
c62a53bab3
|
@ -12,10 +12,10 @@ A new version of MISP ([2.4.123](https://github.com/MISP/MISP/tree/v2.4.123)) ha
|
||||||
|
|
||||||
Thanks to a pentest conducted on behalf of the Centre for Cyber Security Belgium (CCB), we have received a list of ideas to improve our security posture along with 2 vulnerabilities:
|
Thanks to a pentest conducted on behalf of the Centre for Cyber Security Belgium (CCB), we have received a list of ideas to improve our security posture along with 2 vulnerabilities:
|
||||||
|
|
||||||
- 2 XSS vulnerabilities (reported and fixed, more info via [CVE-2020-10246](/security) and [CVE-2020-10247](/security))
|
- 2 XSS vulnerabilities (reported and fixed, more info via [CVE-2020-10246](/security) and [CVE-2020-10247](/security))
|
||||||
- various improvements for our password policy
|
- various improvements for our password policy
|
||||||
- Improvements by adding preventative headers
|
- Improvements by adding preventative headers
|
||||||
- Providing the more information to the users by revealing potential foul play
|
- Providing the more information to the users by revealing potential foul play
|
||||||
|
|
||||||
We would hereby like to thank both the contracted part as well as CCB for sharing the results with us. We are always glad to receive pentest results, it's a great way for organisations to improve the security of MISP and we highly encourage everyone to MISP for potential issues and to [let us know](/security) - we will do our best to fix any identified issues as soon as possible.
|
We would hereby like to thank both the contracted part as well as CCB for sharing the results with us. We are always glad to receive pentest results, it's a great way for organisations to improve the security of MISP and we highly encourage everyone to MISP for potential issues and to [let us know](/security) - we will do our best to fix any identified issues as soon as possible.
|
||||||
|
|
||||||
|
@ -27,12 +27,12 @@ As an outcome of quickly setting up a Coronavirus-sharing community via MISP for
|
||||||
|
|
||||||
The new Dashboard is accessible directly in MISP and fully customisable by users.
|
The new Dashboard is accessible directly in MISP and fully customisable by users.
|
||||||
|
|
||||||
- The system relies on bundled and custom widgets
|
- The system relies on bundled and custom widgets
|
||||||
- widgets work similarly to other modular parts of MISP, design your own, drop it in the MISP directory to get started
|
- widgets work similarly to other modular parts of MISP, design your own, drop it in the MISP directory to get started
|
||||||
- For instructions on how to develop a basic widget visit [The training slide repository](https://www.misp-project.org/misp-training/a.a-widget-dev.pdf)
|
- For instructions on how to develop a basic widget visit [The training slide repository](https://www.misp-project.org/misp-training/a.a-widget-dev.pdf)
|
||||||
- Under the hood it uses the user settings system, allowing for custom configurations per user
|
- Under the hood it uses the user settings system, allowing for custom configurations per user
|
||||||
- Dashboard templates can be saved and shared, both via MISP and via JSON configuration files
|
- Dashboard templates can be saved and shared, both via MISP and via JSON configuration files
|
||||||
- Widgets come with a host of support functionalities (ACL, caching, auto-reloading, configuration systems)
|
- Widgets come with a host of support functionalities (ACL, caching, auto-reloading, configuration systems)
|
||||||
|
|
||||||
We welcome contributions to our ever growing widget collection from our community, let us know if you want to get involved in the effort!
|
We welcome contributions to our ever growing widget collection from our community, let us know if you want to get involved in the effort!
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue