TECHNOLOGIES
FORUMS
JOBS
BOOKS
EVENTS
INTERVIEWS
Live
MORE
LEARN
Training
CAREER
MEMBERS
VIDEOS
NEWS
BLOGS
Sign Up
Login
No unread comment.
View All Comments
No unread message.
View All Messages
No unread notification.
View All Notifications
Answers
Post
An Article
A Blog
A News
A Video
An EBook
An Interview Question
Ask Question
Forums
Monthly Leaders
Forum guidelines
paresh gugale
NA
43
57k
Security Audit Issues
Mar 3 2016 6:10 AM
i am developing one web site in that site i have faced 2 security audit problem .
i googled more but don't get proper solution .
please give any solution if u have.
The problem was,
1
Unencrypted Login Request
Severity: High
CVSS Score: 8.5
URL: /AddUser
Entity: AddUser (Page)
Risk: It may be possible to steal user login information such as usernames and passwords that are sent
unencrypted
Causes: Sensitive input fields such as usernames, password and credit card numbers are passed
unencrypted
Fix: Always use SSL and POST (body) parameters when sending sensitive information.
2
Potential File Upload
Severity: High
CVSS Score: 0.0
URL: /Upload_Aadesh
Entity: FileUpload1 (Parameter)
Risk: It is possible to run remote commands on the web server. This usually means complete
compromise of the server and its contents
It is possible to upload, modify or delete web pages, scripts and files on the web server
Causes: Insecure web application programming or configuration
Fix: Restrict user capabilities and permissions during the file upload process
for file upload i cheked the file extension also
Reply
Answers (
0
)
Self signed SSL in IIS it show https: cross mark in red.
CyberSecuirity tool