IS480 Team wiki: 2017T1 TeamBFF SecurityTesting


Application Vulnerability Testing

Our sponsor, Jacinta Yang, conducted an application vulnerability test during iteration 14.


The test was conducted to determine whether the system is vulnerable to common cyber security attacks:


  • Injection
  • Broken authentication and session management
  • Cross-site scripting (XSS)
  • Broken Access Control
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Cross-site Request Forgery (CSRF)
  • Using known vulnerable components
  • Authentication Bypass

Security Metrics


Requires immediate review and attention from management, as the threat may pose significant confidentiality, integrity and availability risks to the organization's information assets and system(s) if materialized.


Requires review and attention within the near term (typically one to three months) from management. The risk exposures are mitigated by compensating controls. If these threats are not addressed over time, the potential risk to the organization's information assets may increase.


For review and later resolution by management. The risk exposure does not have a significant impact on operations. Addressing these risk exposures provides improvement on current controls.

The document below shows the results of the vulnerability test.

TeamBFF Images6.jpg