[NF-2714] Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment. - Workterra Jira

XML

Word

Printable

Details

Type: Task
Status: To Do
Priority: Medium
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: UI Refresh
Labels:
None

Module:
BenAdmin
Reported by:
Harbinger
Issue Importance:
Q2
Severity:
Simple

Description

Vulnerability Assessment and Penetration Testing for Workterra Web Application

Environment : Azure US
Company : Beta Security Test
Modules : BenAdmin
Execution : Manual + Tools (ZAP, Tamper Data, SQLMap)

Vulnerability Assessment and Security Testing of
WORKTERRA web application
selected static and dynamic pages
Testing between SA,Partner,CA,Employee user roles
Application Security Verification Standard:
o Authentication
o Session Management
o Access Control
o Malicious Input Handling
o Error Handling and Logging
o Data Protection
o Communications Security
o Malicious Controls
o File and Resource
Comparison to OWASP Top 10 List
Verification of Last Years bug fixes

CC : Rakesh Roy Samir Vijayendra Shinde Bharti Satpute shyam sharma Vijay Siddha

Attachments

Issue Links

relates to

NF-2334 All Company- Employee Login - URL parameters - Security - URL parameters in all the SSM pages,reports are displayed in plain text.

Closed

NF-2965 [Security]-[Authorization Failure]-[Azure] Employee can access all Admin pages over the URL and able to update the customization/settings for those pages.

Closed

NF-3852 [Security] All Company - EE Login - Enroll Now - Request parameters values on Enroll Now page get altered and can be saved successfully.

In LB Testing

WT-9842 [Security]-[Authorization Failure] Employee & Company Admin can access the 'Dashboard Configuration' page over the URL.

In Development

WT-10522 [Security] [ZAP-Active Scan Alert] Cross Site Scripting attack reflected on Forgot Password Page.

Open

WT-10523 [Security] [ZAP-Active Scan Alert] Buffer Overflow error reported for images load request in Benadmin.

Rejected

WT-10524 [Security] [ZAP-Active Scan Alert] Format String Error reported for LanguageName parameter.

Rejected

WT-12172 [Security] [ZAP-Active Scan Alert] Remote OS Command Injection

Rejected

WT-12173 [Security] [ZAP-Active Scan Alert] Buffer Over Flow issue

Rejected

WT-12633 [Security] ZAP- Scan report Issue : Application Error Disclosure

Closed

WT-12634 [Security] ZAP Scan reported Issue : X-Content-Type-Options Header Missing

Rejected

WT-12635 [Security] ZAP Scan Issue : Incomplete or No Cache-control and Pragma HTTP Header Set

Rejected

WT-12636 [Security] ZAP Scan Issues : Password Autocomplete in Browser

Rejected

WT-12637 [Security] ZAP Scan Issue : Cookie No HttpOnly Flag

In Development

WT-12639 [Security] ZAP Scan reported issue : Cross-Domain JavaScript Source File Inclusion

Open

(10 relates to)

Activity

People

Assignee:: Jayshree Nagpure (Inactive)

Reporter:: Prasad Pise (Inactive)

QA:: Prasad Pise (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 13/Jun/17 04:38 AM

Updated:: 06/Jan/19 09:31 PM

Time Tracking

Estimated:

80h

Remaining:

Logged:

403h