Search This Blog

Wednesday, January 14, 2015

AMODIT passed security audit

We are glad to inform that AMODIT has successfully passed security audit. Both automatic and manual tests were run. During tests preparation special stress was put on detecting exploits mentioned in OWASP Top 10 (, SANS Top 20 attack vectors ( and MITRE's Common Weakness Enumeration (CWE) (
The attempts of following sorts of attacks were performed:

  • SQL injection
  • OS command injection
  • Classic buffer overflow
  • Cross-site scripting (XSS)
  • Cross-site reguest forgery (CSRF)
  • Session hijacking
  • Foreceful browsing
  • Missing function level access control request

What is more, the following areas were examined:

  • Password policy (include: recovery, changing, strenght)
  • Cookies expire policy
  • Database roles policy
  • Strength of cryptographic algorithms

No comments:

Post a Comment