junk topic

  

hi expert,

why is this forum full of these kinds of junk topics?

love ~vashikran (+91-9~8~7~8~3~7~7~3~1~7sPECIALIST ~TANTRIK ji in canada in uk

can the expert block them as they are so disturbing?

regards,

bb

Hi Barong.

OutSystems is working on this issue, and with the help of the MVPs we're also trying to minimize the number of spam accounts and posts as much as we can. So don't worry; this is a recent issue that is being treated with high priority.

Cheers,

GM

Gonçalo Martins wrote:

Hi Barong.

OutSystems is working on this issue, and with the help of the MVPs we're also trying to minimize the number of spam accounts and posts as much as we can. So don't worry; this is a recent issue that is being treated with high priority.

Cheers,

GM

I am just wondering if it is some kind of vulnerability in the OutSystems platform, as one of my company's clients (a bank) also checked for vulnerabilities in the web we are creating using OutSystems, and they hired an independent security company for each flaw they found.

regards,

bb


I agree with you, Barong. They are so disturbing.

Worried people,

Though it's annoying to have these kinds of posts on the forum, there is not much "disturbing" about them, in my opinion. For one, they are all posted by real people, not by bots, as far as we can see, people who first go through the difficulty of setting up an account, then creating a post with spam. It has nothing to do whatsoever with a "vulnerability" in the Platform.

That said, OutSystems is fully aware of the problem and is tuning their spam capturing algorithms. For every spam post you see on the forum, a dozen are already automatically captured, and the rest is caught and deleted by the MVP forum moderators, typically within the hour (though it may be a bit longer over the weekend).

I understand the concerns from a business point of view, but it is being taken care of by OutSystems, and from the MVPs' point of view, I assure you that from next time such posts will not appear on the Forum for more than 30 minutes.

Hi Barong,

For the sake of other Community members who are reading your post, can you make sure that your report about the security validation your client is going through is accurate?

The way you wrote it, it looks like the security company has found a bunch of vulnerabilities in the OutSystems platform, and they are now fixing them. That cannot be true.

First of all, you need access to source code to really fix vulnerabilities, so only OutSystems can do it.

Second, I am not aware of any customer reporting vulnerabilities recently, so I suppose that you have not detected any confirmed vulnerability.

My guess is that somebody ran a security analysis tool that flagged potential vulnerabilities, and is now going through the process of understanding which are real and which aren't. This is normal: security tools always have false positives, 99.9% of such reports produce a list of false positives and no real vulnerability. In the unlikely case that you will find and report a real vulnerability in the platform, OutSystems will fix it.

Best regards,

Joao


Hi Joao,

What I am telling about the client hiring a security company to pentest the web created using OutSystems is correct. And, as I myself do not know about security, I cannot tell what flaws they found.

I think they use tools, ouh.. I forget its name.. maybe burk suite?... and I have told them that OutSystems has anticipated about 10 or more vulnerabilities.

For we are developers.. much time cannot answer to what extent the security of our program is. As much time we also use the components that are not created by os lab itself (like some forge) and also the fact that Os is new for us..

Regards,

Bb

Suraj Borade wrote:

I understand the concerns from a business point of view, but it is being taken care of by OutSystems, and from the MVPs' point of view, I assure you that from next time such posts will not appear on the Forum for more than 30 minutes.

Yes, I agree. From a business point of view it will be good to keep the forum clean, as the client's OS programmer also accesses this forum.. so if they ask about this, what should we say?


Regards

Bb


Solution

Hi Barong,

I'm sorry that I didn't explain myself correctly. 

You were accurate in saying that your client went through a pen test. You were also accurate in saying that the pen test had a number of findings.

But you implied that every finding in the pen test report relates to a vulnerability in the OutSystems platform. That's not accurate. 99.9% of findings in pen test reports are not vulnerabilities in the OutSystems platforms. Getting the pen test report is a milestone in your job of guaranteeing the security of your application, but your work does not end then.

Feel free to send me a DM to enable a more specific discussion.

Best regards,

Joao 

  

