Difference between revisions of "IS480 Team wiki: 2017T1 TeamBFF SecurityTesting"

(3 intermediate revisions by the same user not shown)
Line 56: Line 56:
 
<br>
 
<br>
  
<p><font size=3>Our sponsor, Jacinta Yang has a conducted an application vulnerability test during iteration 14. The document below is the results of the vulnerability test</font></p>
+
<p><font size=3>Our sponsor, Jacinta Yang has a conducted an application vulnerability test during iteration 14. </font></p>
 +
 
 +
=== Objective ===
 +
To determine whether the system is vulnerable to common cyber security attacks
 +
 
 +
=== Scope ===
 +
<p>
 +
<ul>
 +
<li>Injection</li>
 +
<li>Broken authentication and session management</li>
 +
<li>Cross-site scripting (XSS)</li>
 +
<li>Broken Access Control</li>
 +
<li>Security Misconfiguration</li>
 +
<li>Sensitive Data Exposure</li>
 +
<li>Cross-site Request Forgery (CSRF)</li>
 +
<li>Using known vulnerable components</li>
 +
<li>Authentication Bypass</li>
 +
</ul>
 +
</p>
 +
 
 +
=== Security Metrics ===
 +
<div width="100%" align="center">
 +
{| class="wikitable" style="border-spacing: 0; margin: 1em auto;"
 +
|-
 +
 
 +
|-
 +
| style="text-align:center; padding: 5px;background:#d41c23;color:white;" |
 +
'''High'''
 +
| style=" padding: 5px;" |
 +
Immediate review and attention from management as the threat may pose significant confidentiality, integrity and availability risks to the organization's information asset and system(s) if materialized.
 +
|-
 +
| style="text-align:center; padding: 5px;background:#dbb22b;color:white;" |
 +
'''Medium'''
 +
| style=" padding: 5px;" |
 +
Requires review and attention within the near item (typically one to three months) from management. The risk exposures are mitigated by compensating controls. If these threats are not addressed over time, the potential risk to the oganization's information assets may increase.
 +
|-
 +
| style="text-align:center; padding: 5px;background:#40aa16;color:white;" |
 +
'''Low'''
 +
| style=" padding: 5px;" |
 +
For review and later resolution by managemnet. The risk exposure does not havev a significant impact on operations. Addressing these risk exposures provide improvement on current controls.
 +
|-
 +
|}
 +
</div>
 +
 
 +
 
 +
<p><font size=3>The document below is the results of the vulnerability test</font></p>
  
 
[[File:TeamBFF Images6.jpg|link=https://drive.google.com/open?id=1urKVLypnphuLpwm-jX5EYvshGU_z_NKr|center|350px]]
 
[[File:TeamBFF Images6.jpg|link=https://drive.google.com/open?id=1urKVLypnphuLpwm-jX5EYvshGU_z_NKr|center|350px]]
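
Review bot: the added Security Metrics rows carry typos that will be published as written: "near item" (presumably "near term") and "oganization's" in the Medium row, "managemnet" and "havev" in the Low row, and "has a conducted" survives in the intro sentence. The table opens with two `|-` row markers with no cells between them, so either add header cells (for example `! Rating` and `! Description`) or drop the empty row. The Scope list sits inside `<p>`, which cannot contain a `<ul>`; remove the wrapper or use wiki `*` bullets. The page defines nine scope categories and three ratings but never says which categories produced findings or at what rating, so a one-line summary above the linked document would help. Since the results are reachable only through the Drive link on the image, check that its sharing setting is what the sponsor intends for a vulnerability report.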

Latest revision as of 09:55, 22 November 2017

Application Vulnerability Testing


Our sponsor, Jacinta Yang, conducted an application vulnerability test during iteration 14.

Objective

To determine whether the system is vulnerable to common cyber security attacks.

Scope

  • Injection
  • Broken authentication and session management
  • Cross-site scripting (XSS)
  • Broken Access Control
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Cross-site Request Forgery (CSRF)
  • Using known vulnerable components
  • Authentication Bypass

Security Metrics

High

Immediate review and attention from management as the threat may pose significant confidentiality, integrity and availability risks to the organization's information asset and system(s) if materialized.

Medium

Requires review and attention within the near term (typically one to three months) from management. The risk exposures are mitigated by compensating controls. If these threats are not addressed over time, the potential risk to the organization's information assets may increase.

Low

For review and later resolution by management. The risk exposure does not have a significant impact on operations. Addressing these risk exposures provides improvement on current controls.


The document below contains the results of the vulnerability test.

TeamBFF Images6.jpg