OrangeHRM Blog
Voice of Free & Open Source HR System

Posts Tagged ‘security’

28 Nov

OrangeHRM Secured

Posted in General by Shaun Bradley

OrangeHRM continuously updates its products to give customers the best solution and to keep the system secure against attackers. We follow security good practices and patterns when coding, and we use industry-standard frameworks with built-in protections against common security vulnerabilities. Our developers have been trained in secure coding practices.

The OrangeHRM community and several freelance security experts have been helping us in this regard too. Security expert Kenneth Sager was able to find vulnerabilities in our system. He chose OrangeHRM for his review because it was the most popular download on sourceforge.net. In his spare time Kenneth performs independent reviews of software such as OrangeHRM, a process known as “bug hunting”. He discovered several bugs in our system, reported them to us, and we fixed them promptly.

In the past, other large organizations, including High-Tech Bridge SA in Switzerland, IBM Internet Security Systems X-Force, and Juniper Networks USA, have stepped forward to test OrangeHRM for vulnerabilities and helped us identify and fix them.

Credits:

  • Juniper Networks USA
  • IBM Internet Security Systems X-Force
  • High-Tech Bridge SA
  • Sad Geeks In Snow


20 May

OrangeHRM, more secure than ever

In our endeavor to make OrangeHRM a highly secure enterprise application, we will soon release a patch (2.5.0.5) for the latest stable version of OrangeHRM with several security improvements. We are thankful to our community and to the various organizations that continue to test OrangeHRM and bring existing issues to our attention. We are committed to fixing these issues as soon as possible and to continuing to improve the level of security in OrangeHRM.

The following bugs have been reported, and our development team is now fixing them:

  • 3003346     Potential SQL injection vulnerability in ESS login
  • 3001611     ESS module is vulnerable to XSS
  • 3003358     Possible CSRF and PHP code injection
  • 3003361     Unsanitized AJAX responses lead to XSS vulnerability
  • 3000555     Sanitize the input data in jobs.php
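As an added illustration (this is not OrangeHRM code and not the actual defects behind the tracker entries above), the following hypothetical PHP snippets put the vulnerable pattern beside its hardened form for three of the classes listed: SQL injection in a login query, XSS from unescaped output including an AJAX (JSON) response, and a missing CSRF check. The users table, the account alice, the attacker payload and the session array are constructed for the example; it runs on the PHP CLI with pdo_sqlite and needs no network.

```php
<?php
// Added illustrative example; not OrangeHRM code and not the fixes for the bugs listed above.
// Assumes PHP 7.3+ with pdo_sqlite. Table, user, payload and session are constructed for the demo.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// --- SQL injection: vulnerable pattern (user input concatenated into the query text) ---
function loginVulnerable(PDO $db, string $user, string $pass): bool
{
    $sql  = "SELECT password_hash FROM users WHERE username = '$user'";
    $hash = $db->query($sql)->fetchColumn();
    return $hash !== false && password_verify($pass, $hash);
}

// --- SQL injection: hardened (parameterised query; input never reaches the SQL parser) ---
function loginHardened(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($pass, $hash);
}

// --- XSS: vulnerable (raw parameter echoed into HTML) vs. hardened (output encoded) ---
function greetVulnerable(string $name): string
{
    return "<p>Hello $name</p>";
}
function greetHardened(string $name): string
{
    return '<p>Hello ' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// --- AJAX response: declare the content type and encode HTML-significant characters ---
function ajaxResponse(array $data): string
{
    // A correct Content-Type stops the browser treating the body as HTML; the JSON_HEX_*
    // flags escape < > & ' " so the payload stays inert even if a caller inlines it in a page.
    // header() is silently ignored by the CLI SAPI.
    header('Content-Type: application/json; charset=utf-8');
    return json_encode(
        $data,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// --- CSRF: per-session random token, compared in constant time on every state-changing request ---
function csrfToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}
function csrfValid(array $session, ?string $submitted): bool
{
    return is_string($submitted)
        && isset($session['csrf_token'])
        && hash_equals($session['csrf_token'], $submitted);
}

// --- Demonstration ---
// The attacker hashes a password they know and uses UNION to make the concatenated query
// return that hash instead of alice's, so password_verify runs against attacker-chosen data.
// Against the prepared statement the same payload is just an unknown username.
$attackerHash = password_hash('pwned', PASSWORD_DEFAULT);
$payload      = "' UNION SELECT '$attackerHash' --";

var_dump(loginVulnerable($db, $payload, 'pwned'));
var_dump(loginHardened($db, $payload, 'pwned'));
var_dump(loginHardened($db, 'alice', 'correct horse'));

$evil = '<script>alert(document.cookie)</script>';
echo greetVulnerable($evil), PHP_EOL;       // tag passed through to the browser unchanged
echo greetHardened($evil), PHP_EOL;         // entity-encoded, rendered as text
echo ajaxResponse(['name' => $evil]), PHP_EOL;

$session = [];
$token = csrfToken($session);
var_dump(csrfValid($session, $token));
var_dump(csrfValid($session, 'guessed-token'));
var_dump(csrfValid($session, null));        // a missing token must be rejected, not skipped
```

The points a reviewer would check in a fix for each class: credentials and other request parameters only ever reach SQL through bound parameters; every value written into HTML goes through htmlspecialchars with ENT_QUOTES at the point of output, not at the point of input; AJAX handlers send application/json and never assemble HTML fragments from raw input; and each state-changing endpoint rejects a request whose token is absent or fails hash_equals.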

We will soon make the fixes available with OrangeHRM 2.5.0.5.

In addition to the security testing performed by external organizations, we have formed an internal security testing team that will continue to test each new version of OrangeHRM thoroughly for possible security flaws.

We’ll be posting updates about our progress on this blog.


Copyright © 2017 OrangeHRM Inc All rights reserved. Powered By WordPress