Difference between revisions of "IS480 Team wiki: 2017T1 TeamBFF SecurityTesting"
Latest revision as of 09:55, 22 November 2017
Our sponsor, Jacinta Yang, conducted an application vulnerability test during iteration 14.
Objective
To determine whether the system is vulnerable to common cyber security attacks.
Scope
- Injection
- Broken authentication and session management
- Cross-site scripting (XSS)
- Broken Access Control
- Security Misconfiguration
- Sensitive Data Exposure
- Cross-site Request Forgery (CSRF)
- Using known vulnerable components
- Authentication Bypass
Security Metrics
High | Immediate review and attention from management, as the threat may pose significant confidentiality, integrity and availability risks to the organization's information assets and system(s) if materialized.
Medium | Requires review and attention from management within the near term (typically one to three months). The risk exposures are mitigated by compensating controls. If these threats are not addressed over time, the potential risk to the organization's information assets may increase.
Low | For review and later resolution by management. The risk exposure does not have a significant impact on operations. Addressing these risk exposures provides improvement on current controls.
The document below contains the results of the vulnerability test.