Support #14176
[SCP ID :##7138##] : Security Gaps Identified
| Status: | Pending Review | Start date: | September 10, 2024 | ||
|---|---|---|---|---|---|
| Priority: | Normal | Due date: | |||
| Assignee: |  Binti Marobi Athirah Umairah | % Done: | 90% | ||
| Category: | Others | Spent time: | - | ||
| Target version: | - |
Description
Hi,
Kindly attend below request:-
Security Gaps Identified by BNM for BSNeBiz Website
History
#1
Updated by Binti Marobi Athirah Umairah 9 days ago
- Category set to Others
- Assignee changed from Nurul Athira Abdul Rahim to Najmi Pasarudin
#2
Updated by Najmi Pasarudin 9 days ago
- File screen.png added
- Status changed from New - Begin Life Cycle to System Integration Test
- Assignee changed from Najmi Pasarudin to Binti Marobi Athirah Umairah
- % Done changed from 0 to 90
Issue:
Bank negara reported the website bsn-cdb is missing Content Security Policy frame-ancestors 'self';
Finding:
frame-ancestors 'self'; is not setup in web server config file
Solution:
Add frame-ancestors 'self'; to web server config file at /opt/IBM/HTTPServer/conf/httpd.conf
- Access browser F12 to view Network information. Refer screen.png
- Access bsn-cdb-sit. Example http://bsn-gateway.penril.my:6010/bsn-cdb-sit/commonLogin or http://10.10.95.121:8080/bsn-cdb-sit/commonLogin
- Expected result, at Content Security Policy has frame-ancestors 'self';
#3
Updated by Najmi Pasarudin 1 day ago
- Status changed from System Integration Test to Pending Review
Web server config updated to production on 13/09/2024.
Currently monitoring for any issue with BSNeBiz.