https://wiki.openstack.org/wiki/Security/Guidelines has some good recommendations that may be of use. I plan to tackle at least one of the items (probably logging, as that is a common issue) more deeply this week. Also, the OWASP Top 10 might be a good place for input as well: https://www.owasp.org/index.php/Top_10_2013-Top_10

On 5/29/14 9:59 AM, "Tristan Cacqueray" <tristan.cacqueray at enovance.com> wrote:

>On 05/28/2014 11:55 PM, Bhandaru, Malini K wrote:
>> Hello Everyone!
>>
>> Can you think of a security anti-pattern? Share them and help make
>> OpenStack more secure.
>>
>> Below is an excerpt from the wiki under development --
>> https://wiki.openstack.org/wiki/Security/OpenStack_Security_Impact_Checks
>>
>
>Thank you Malini!
>I added some classic anti-patterns to the list.
>
>Now I wonder how to verify those automatically.
>I'm afraid grep won't be enough; we might want to look at a simple AST
>representation that we can use to inspect dangerous function calls.
>
>Would a PoC that highlights subprocess calls with shell=True still be
>useful, or do we already have something in mind?
>
>Best regards,
>Tristan
>
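To illustrate the AST-based check Tristan asks about (a PoC that flags subprocess calls made with shell=True), here is an added example that is not code from this thread or from the OpenStack project. It uses only Python's standard `ast` module, runs over a constructed sample module embedded inline, and shows why an AST walk beats grep: it ignores the `shell=True` inside a comment, catches a call whose `shell=` keyword sits on a different line from the callee, resolves `import subprocess as sp` and `from subprocess import Popen as P` aliases, and reports a non-literal `shell=` argument as "dynamic" rather than silently assuming it is safe. The set of subprocess entry points checked is an assumption of the example.

```python
import ast
from typing import Dict, List, Set, Tuple

# subprocess entry points that accept a shell= keyword (assumed list for this example).
SUBPROCESS_SHELL_FUNCS = {"call", "check_call", "check_output", "run", "Popen"}


def _callee_name(node: ast.Call) -> str:
    """Dotted name of the callee: 'subprocess.call', 'sp.Popen', 'P', or '' if unknown."""
    func = node.func
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    if isinstance(func, ast.Name):
        return func.id
    return ""


def _collect_imports(tree: ast.AST) -> Tuple[Set[str], Dict[str, str]]:
    """Names bound to the subprocess module (import subprocess [as x]) and
    names bound to its functions (from subprocess import Popen [as P])."""
    module_names: Set[str] = set()
    func_names: Dict[str, str] = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name == "subprocess":
                    module_names.add(alias.asname or alias.name)
        elif isinstance(node, ast.ImportFrom) and node.module == "subprocess":
            for alias in node.names:
                func_names[alias.asname or alias.name] = alias.name
    return module_names, func_names


def find_shell_true_calls(source: str, filename: str = "<string>") -> List[Tuple[int, str]]:
    """Return (lineno, description) for every subprocess call with shell=True.
    A shell= argument that is not a literal True/False (a variable, an expression)
    is reported as 'shell=<dynamic>' because the check cannot prove it is False."""
    tree = ast.parse(source, filename=filename)
    module_names, func_names = _collect_imports(tree)
    findings: List[Tuple[int, str]] = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _callee_name(node)
        head, _, tail = name.partition(".")
        if tail and head in module_names:        # subprocess.call(...) / sp.call(...)
            func = tail
        elif not tail and head in func_names:    # P(...) after `from subprocess import Popen as P`
            func = func_names[head]
        else:
            continue
        if func not in SUBPROCESS_SHELL_FUNCS:
            continue
        for kw in node.keywords:                 # kw.arg is None for **kwargs, so it is skipped
            if kw.arg != "shell":
                continue
            value = kw.value
            if isinstance(value, ast.Constant) and value.value is True:
                findings.append((node.lineno, f"{name} shell=True"))
            elif not (isinstance(value, ast.Constant) and value.value is False):
                findings.append((node.lineno, f"{name} shell=<dynamic>"))
    return sorted(findings)


# Constructed sample module (not real OpenStack code) exercising the cases above.
SAMPLE = '''
import subprocess
from subprocess import Popen as P

def ok(path):
    # grep would flag this comment, the AST walk does not: shell=True
    return subprocess.check_output(["ls", "-l", path])

def bad(user_input):
    return subprocess.call("ls -l " + user_input, shell=True)

def also_bad(cmd, use_shell):
    return P(cmd,
             shell=use_shell)

def popen_bad(cmd):
    return subprocess.Popen(cmd, shell=True)

def explicit_false(cmd):
    return subprocess.run(cmd, shell=False)
'''

if __name__ == "__main__":
    for lineno, description in find_shell_true_calls(SAMPLE, "sample.py"):
        print(f"sample.py:{lineno}: {description}")
```

Running the block prints one line per finding (lines 10, 13 and 17 of the sample); the comment on line 6 and the explicit `shell=False` on line 20 produce nothing. To scan a tree, read each `.py` file and pass its text to `find_shell_true_calls`; a `shell=<dynamic>` hit is a review prompt rather than a confirmed bug.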