MantisBT 1.2.1 introduced anti-clickjacking features in the form of both the X-Content-Security-Policy and X-Frame-Options HTTP headers. SHODAN is a search engine that indexes the HTTP response headers (server banners) collected from internet-facing hosts, so it can be used to estimate how widely a given header is deployed. Searching SHODAN’s database for X-Frame-Options returns just over 7000 results. The same check for the X-Content-Security-Policy header returns just over 90 results. Continue reading “Progress towards fully implementing X-Content-Security-Policy”
MantisBT 1.2.3 Released
Howdy folks,
MantisBT 1.2.3 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are advised to upgrade to this release. Continue reading “MantisBT 1.2.3 Released”
MantisBT 1.2.2 Released
Howdy all,
MantisBT 1.2.2 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are advised to upgrade to this release. Continue reading “MantisBT 1.2.2 Released”
Eclipse Community Survey 2010
The results of the Eclipse Community Survey 2010 have recently been released. A summary of the findings is available in the Open Source Developer Report 2010. This survey of the Eclipse community is an interesting insight into software development and the trends which are taking place. Continue reading “Eclipse Community Survey 2010”
Clickjacking protection in MantisBT 1.2.1
Mantis Bug Tracker 1.2.1 includes initial support for the X-Frame-Options and X-Content-Security-Policy response headers. X-Frame-Options exists specifically to stop a page being framed; X-Content-Security-Policy is Firefox’s experimental, prefixed form of Content Security Policy, whose frame-ancestors directive serves the same purpose. Both aim to protect users against clickjacking attacks. If you’re unfamiliar with clickjacking, this presentation by Paul Stone at Black Hat EU 2010 provides an introduction to the topic. Essentially these headers tell a supporting browser not to render a MantisBT page inside a frame or iframe on another website, so an attacker cannot overlay a hidden MantisBT page on a decoy page and trick a logged-in user into clicking through to it. Continue reading “Clickjacking protection in MantisBT 1.2.1”
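The following is an added example, not MantisBT’s own code and not a SHODAN query. It shows how the two headers described here (and in the header census above) are interpreted: it parses a raw HTTP response, classifies X-Frame-Options as RFC 7034 describes it (DENY, SAMEORIGIN, ALLOW-FROM, conflicting or invalid), picks out the frame-ancestors directive from either the experimental X-Content-Security-Policy header or the standard Content-Security-Policy header, and reports the effective anti-framing policy. The sample responses are constructed for the example; no real host was contacted, and the header names, verdict strings and the `framing_policy`/`tally` functions are this example’s own, not part of MantisBT.

```python
"""Classify the anti-framing headers of a raw HTTP response (added example, not MantisBT code)."""
import re

# Constructed sample responses for the example; none were captured from a real host.
SAMPLES = {
    "deny": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: DENY\r\n\r\n<html></html>",
    "sameorigin_lowercase": "HTTP/1.1 200 OK\r\nx-frame-options: sameorigin\r\n\r\n",
    "conflicting": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n",
    "xcsp_none": "HTTP/1.1 200 OK\r\nX-Content-Security-Policy: allow 'self'; frame-ancestors 'none'\r\n\r\n",
    "csp_overrides_xfo": (
        "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n"
        "Content-Security-Policy: frame-ancestors 'self' https://intranet.example\r\n\r\n"
    ),
    "none": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>",
}


def parse_headers(raw_response):
    """Return {lower-case header name: [values...]} for the header block of a raw response."""
    head = re.split(r"\r?\n\r?\n", raw_response, maxsplit=1)[0]
    headers = {}
    for line in head.splitlines():
        if line.startswith("HTTP/") or ":" not in line:
            continue  # status line, or a line that is not a header field
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def xfo_verdict(values):
    """Interpret X-Frame-Options values as RFC 7034 describes them."""
    if not values:
        return "absent"
    # Repeated header lines and a comma-separated list are equivalent; names are case-insensitive.
    tokens = [t.strip().upper() for v in values for t in v.split(",") if t.strip()]
    if not tokens:
        return "invalid"
    if len(set(tokens)) > 1:
        return "conflicting"  # browsers handle this differently; do not count on it protecting the page
    token = tokens[0]
    if token == "DENY":
        return "deny"
    if token == "SAMEORIGIN":
        return "sameorigin"
    if token.startswith("ALLOW-FROM "):
        return "allow-from"  # never supported by Chrome or Safari, which then ignore the header entirely
    return "invalid"


def csp_verdict(values):
    """Verdict from the frame-ancestors directive of CSP-style policies, or None if no policy sets it."""
    verdicts = []
    for policy in values:
        for directive in policy.split(";"):
            tokens = directive.split()
            if not tokens or tokens[0].lower() != "frame-ancestors":
                continue
            sources = [s.lower() for s in tokens[1:]]
            if not sources:
                continue  # malformed directive with no source list; ignore it
            if sources == ["'none'"]:
                verdicts.append("deny")
            elif sources == ["'self'"]:
                verdicts.append("sameorigin")
            else:
                verdicts.append("allowlist")
    if not verdicts:
        return None
    # A page must satisfy every policy delivered with it, so the strictest verdict is reported.
    for verdict in ("deny", "sameorigin", "allowlist"):
        if verdict in verdicts:
            return verdict


def framing_policy(raw_response):
    """Report the X-Frame-Options verdict, the CSP frame-ancestors verdict and the effective result."""
    headers = parse_headers(raw_response)
    xfo = xfo_verdict(headers.get("x-frame-options", []))
    csp = csp_verdict(headers.get("content-security-policy", [])
                      + headers.get("x-content-security-policy", []))
    # Browsers that enforce frame-ancestors ignore X-Frame-Options when both are present;
    # X-Frame-Options stays the baseline for every other browser.
    effective = csp if csp else xfo
    return {
        "x_frame_options": xfo,
        "csp_frame_ancestors": csp,
        "effective": effective,
        "protected": effective in ("deny", "sameorigin", "allowlist"),
    }


def tally(responses):
    """Count effective verdicts over many responses, as a census of collected banners would."""
    counts = {}
    for raw in responses:
        verdict = framing_policy(raw)["effective"]
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, framing_policy(raw))
    print(tally(SAMPLES.values()))
```

The `conflicting` and `allow-from` verdicts are deliberately not counted as protected: a scanner that merely greps for the header name, as a banner search does, would count both as deployments, while a browser may ignore the header outright in either case.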