Boost C++ Libraries

...one of the most highly regarded and expertly designed C++ library projects in the world. Herb Sutter and Andrei Alexandrescu, C++ Coding Standards

This is the documentation for a snapshot of the master branch, built from commit 127294d48b.

libs/beast/doc/qbk/01_intro/1a_bishop_fox.qbk

[/
    Copyright (c) 2016-2019 Vinnie Falco (vinnie dot falco at gmail dot com)

    Distributed under the Boost Software License, Version 1.0. (See accompanying
    file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)

    Official repository: https://github.com/boostorg/beast
]

[section:security_review_bishop_fox Security Review (Bishop Fox) __video__]

In 2020, as part of its commitment to producing the very finest C++ libraries
that application developers can trust, the C++ Alliance one again commissioned
Bishop Fox to retest the Beast library.

The report is linked here:

[@https://github.com/CPPAlliance/beast-assets/raw/master/bishop-fox/C%20Plus%20Plus%20Alliance%20-%20Hybrid%20Application%20Assessment%202020%20-%20Assessment%20Report%20-%2020200924.pdf
    [*Beast - Hybrid Application Assessment 2020]]

Since 2005, [@https://www.bishopfox.com/ Bishop Fox] has provided
security consulting services to the Fortune 1000, high-tech startups,
and financial institutions worldwide.
Beast engaged Bishop Fox to assess the security of the Boost C++ Beast HTTP/S
networking library. The following report details the findings identified during
the course of the engagement, which started on September 11, 2017.

The assessment team conducted a hybrid application assessment of the Beast
library. Bishop Fox’s hybrid application assessment methodology leverages
the real-world attack techniques of application penetration testing in
combination with targeted source code review to thoroughly identify
application security vulnerabilities. These fullknowledge assessments
begin with automated scans of the deployed application and source code.
Next, analyses of the scan results are combined with manual review to
thoroughly identify potential application security vulnerabilities. In
addition, the team performs a review of the application architecture and
business logic to locate any design-level issues. Finally, the team performs
manual exploitation and review of these issues to validate the findings.

[@https://github.com/CPPAlliance/beast-assets/raw/master/bishop-fox/Beast%20-%20Hybrid%20Application%20Assessment%202017%20-%20Assessment%20Report%20-%2020171114.pdf
    [*Beast - Hybrid Application Assessment 2017]]

[/ "Securing Boost.Beast: A Non-Traditional Source Code Review"]
'''
<mediaobject>
  <videoobject>
    <videodata fileref="https://www.youtube.com/embed/4TtyYbGDAj0?rel=0"
      align="center" contentwidth="560" contentdepth="315"/>
  </videoobject>
</mediaobject>
'''

[endsect]