Whitepaper
pfSense Security Evaluation Report
Source code analysis is an important aspect of an overall security review program.
InfoSec Global was engaged by Netgate to perform a security-focused evaluation of the pfSense firewall distribution that is distributed on their Netgate network firewall appliances. Throughout the course of the assessment there were very few potential security concerns identified.
Recommendations and mitigation strategies were provided, however none of the findings observed in the white box analysis were deemed to be of a high or critical nature. Although the white box review did not yield any high or critical findings the third party components review did find some Common Vulnerability Enumerations (CVE) which have been deemed by the engagement team to be areas of concern and provided recommendations which should be reviewed.