Activities of "joe@tronactive.com"

There is no easier way to do that? I don't have access to all of the source code and I would hate to manage the custom code changes.

  • ABP Framework version: v7.3.3
  • UI Type: Blazor Server
  • Database System: EF Core SQL Server
  • Tiered (for MVC) or Auth Server Separated (for Angular): No, not tiered

I am looking for some guidance on how to remove some functionality or at least disable it. Our web app is only used within our company and not accessible outside our Azure Tenant. Our application is going through a pen test with a 3rd party company, gearing up for approval on being launched. I want to remove as much unneeded functionality as I can to reduce attack surface for the pen testers. The application will be using authentication into our Azure Active Directory. In production I will have it turned off so the user cannot register or log in with a local account. Only external accounts using Azure Active Directory. Note that it isn't just about creating roles to hide things from the UI either, as they will be pen testing with an Admin account along with other roles too.

  • The application is NOT multi-tenant. But I do already have this disabled.
  • I want to remove the Linked Accounts functionality. No need for this.
  • Remove Authority Delegation.
  • Disable UI Account management
  • Remove Organization Units feature
  • Hide basically all Settings UI.

I am guessing you are getting the point. Any guidance on how I can reduce this functionality of the things I have mentioned and if there is a common way I can do it if I missed anything, that would be great.

Thank you

Question
  • ABP Framework version: v7.2.2
  • UI type: Blazor
  • DB provider: EF Core
  • Tiered (MVC): yes

I just added the File Management Module and I wanted to override the menu of the one that is auto added so I can get rid of the feature enabled requirement and change things like the icon and order. But when I add the below menu code, it just adds a second menu item instead of overriding the one that gets added automatically through the module. How can I override the menu?

    //File Management
    context.Menu.AddItem(
        new ApplicationMenuItem(
            FileManagementMenuNames.GroupName,
            displayName: "File Management",
            url: "~/file-management",
            icon: "fa-duotone fa-folder-open",
            order: 6,
            requiredPermissionName: Cure8Permissions.AdminApi));

  • ABP Framework version: v7.2.2
  • UI type: Blazor Server
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): Tiered

When I initially load the home page I get the below error. As soon as I refresh I can use the app as expected. Anyone have any ideas?

    Error: System.NullReferenceException: Object reference not set to an instance of an object.
       at Volo.Abp.AspNetCore.Components.Web.LeptonXTheme.Components.ApplicationLayout.SideMenu.Navigation.MobileNavbar.BuildRenderTree(RenderTreeBuilder __builder)
       at Microsoft.AspNetCore.Components.ComponentBase.<.ctor>b__6_0(RenderTreeBuilder builder)
       at Microsoft.AspNetCore.Components.Rendering.ComponentState.RenderIntoBatch(RenderBatchBuilder batchBuilder, RenderFragment renderFragment, Exception& renderFragmentException)
    log @ blazor.server.js?_v=638124742340000000:1
    blazor.server.js?_v=638124742340000000:1 [2023-06-14T02:04:14.198Z] Information: Connection disconnected.
    blazor.server.js?_v=638124742340000000:1 Uncaught (in promise) Error: Invocation canceled due to the underlying connection being closed.
        at Ft._connectionClosed (blazor.server.js?_v=638124742340000000:1:76250)
        at Ft.connection.onclose (blazor.server.js?_v=638124742340000000:1:67065)
        at Nt._stopConnection (blazor.server.js?_v=638124742340000000:1:62559)
        at transport.onclose (blazor.server.js?_v=638124742340000000:1:60297)
        at At._close (blazor.server.js?_v=638124742340000000:1:52510)
        at At.stop (blazor.server.js?_v=638124742340000000:1:52130)
        at Nt._stopInternal (blazor.server.js?_v=638124742340000000:1:55448)
        at async Nt.stop (blazor.server.js?_v=638124742340000000:1:55258)
        at async Ft.stop (blazor.server.js?_v=638124742340000000:1:69730)

I tried working on this for several days. Can we make this a priority as it is a big issue for us as well.

I was literally going to post about this issue as well. I haven't figured out any good solution either. But would love to have a good solution to this.

That isn't going to find package level vulnerabilities. Completely different. Also, for code vulnerabilities, OWASP could catch a lot of those. But SonarCloud will find them much quicker and will point directly to the code that is a vulnerability. OWASP wouldn't do that. Just to a basic API Endpoint level. Also, SonarCloud and Mend can easily be put into the build pipeline to check during each build. Or on a schedule.

Alper, you may want to consider using MEND (formerly WhiteSource, www.mend.io) to show vulnerabilities reported in .NET and NPM packages; it also tells you what versions the vulnerabilities have been fixed in. The second one you may want to look into is SonarCloud (sonarcloud.io), which is incredible for finding security vulnerabilities in the actual source code.

My work uses both for compliance reasons, and they work fantastically to keep the codebase as secure as possible before deploying to the server.

Awesome. Thank you very much. I appreciate the help.

Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11