We are glad to announce that AMODIT has successfully passed a security audit. Both automated and manual tests were run. In preparing the tests, special emphasis was placed on detecting exploits listed in the OWASP Top 10 (http://www.owasp.org/), the SANS Top 20 attack vectors (http://www.sans.org/top20/) and MITRE's Common Weakness Enumeration (CWE) (http://cwe.mitre.org/).
The following kinds of attacks were attempted:
- SQL injection
- OS command injection
- Classic buffer overflow
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Session hijacking
- Forceful browsing
- Missing function level access control request
What is more, the following areas were examined:
- Password policy (including recovery, changing, strength)
- Cookie expiration policy
- Database roles policy
- Strength of cryptographic algorithms