2001
• Long-standing use of the Atlassian tools (mainly internal)
• National and international Atlassian projects since 05/2013
• Deployed in particular as part of Standard Operating Environment (SOE) projects
• Headquarters in Unterschleißheim near Munich
ATIX AG
Jira Hardening - Atlassian User Group München 2014-03-20
accurate results
SLOC* > 10k sorted by programming language, Jira 6.2.1
Java        1.122.982
JavaScript  10.1281
JSP         44.929
CSS         10.434
Python      7908
* determined on 19.03.2014 with http://cloc.sourceforge.net/
in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.
CVE-2014-2313 (A4) Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors.
CVE-2013-5319 (A3) Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa.
CVE-2012-2927 (A6) The TM Software Tempo plugin before […] before 7.0.3 for Atlassian JIRA does not properly restrict the capabilities of third-party XML parsers, which allows remote authenticated users to cause […] (DoS).
Attack vectors
https://www.owasp.org/index.php/Top_10_2013-Table_of_Contents
*CVE = Common Vulnerabilities and Exposures
• Separation by user groups
• AppLinks (restriction of IP range, etc.)
• Crowd
• Password policies
• TLS for all connections (tunnel if necessary)
Best Practices