Abstract
IXP Manager is built with a security-first, secure-by-design approach. As a 20-year-old project, we have had to regularly revisit past assumptions and update them to align with current best practices. One of the best ways of doing this is to have our work checked by independent third parties.
ENISA, the European Union Agency for Cybersecurity, established the Cybersecurity Support Action Programme to provide cybersecurity services to Member States. Under this program, IXP Manager underwent a seven-day "grey-box" web application vulnerability assessment in February 2026.
This presentation will discuss web application security in general, IXP Manager's experience with third-party penetration tests, the results of this specific test, and how these can be applied to web applications.
Recording
Speaker
Barry O'Donovan
Barry is the project manager and lead developer of IXP Manager (https://www.ixpmanager.org/) – a full-stack management system for IXPs that includes an administration and customer portal, provides end-to-end provisioning, and both teaches and implements best practices. This project is now in use at over 260 IXPs worldwide, 100 of which are in the RIPE region.
Rate this talk
Rating is closed.