Support #5186
[SCP ID :##2578##] : VAPT Findings for Year 2014 (Internet Banking Segment) Web Application Penetration Testing.
| Status: | Closed - End of life cycle | Start date: | February 11, 2015 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | Zahir Abd Latif | % Done: | 100% |
| Category: | MY RIB | Spent time: | - |
| Target version: | - | | |
Description
Hi,
Kindly attend to the request below:
IT Security has conducted the web application penetration testing and attached a summary of the findings. We kindly need your help and expertise to review and revert on the findings.
History
#1 Updated by Zahir Abd Latif over 9 years ago
- Assignee changed from William Gozali Tan to Ahmad Hazri
Dear Hazri,
Kindly assist to update the current status in Redmine.
Thanks.
#2 Updated by Zahir Abd Latif over 9 years ago
Dear Ateh,
Any updates on this case?
Kindly assist to update the current status in Redmine.
Thanks.
#3 Updated by Ahmad Hazri over 9 years ago
- Status changed from New - Begin Life Cycle to Pending Customer Feedback
Hi Zahir
Put SCP under 'Customer Working' since awaiting their response to proceed with the resolution.
#4 Updated by William Gozali Tan over 9 years ago
- Assignee changed from Ahmad Hazri to Aditya Prathama
#5 Updated by William Gozali Tan over 9 years ago
- File VAPT2014.7z added
Need Aditya to apply the fix for WEB-IB002 : HTML Comments Sensitive Information Disclosure.
For more details about the issue, kindly refer to the attachment.
#6 Updated by Aditya Prathama over 9 years ago
- File web.xml added
- File before.png added
- File after.png added
- Assignee changed from Aditya Prathama to William Gozali Tan
I successfully blocked HTTP requests for OPTION, TRACE and HEAD and allow only POST and GET. This may be a problem for an anonymous user to get App Server information in our Web Application.
For the setting, just add to web.xml, under the <web-app> tag, 2 <security-constraint> tags, which are attached to this.
And for your reference, there are screenshots before and after the security implementation.
thanks
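An added example, not part of the ticket or its attached web.xml: a small Python check that reads a deployment descriptor and reports which HTTP methods a deny-all `<security-constraint>` actually covers. Both descriptors and the helper names (`is_denied`, `audit`) are constructed for illustration; the check matches `url-pattern` literally and goes beyond the comment above by also handling `http-method-omission`.

```python
import xml.etree.ElementTree as ET
# Constructed samples (not the ticket's web.xml). An <auth-constraint/> with
# no role-name denies every request the resource collection covers.
DENY_LISTED = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>blocked</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>OPTIONS</http-method>
    <http-method>TRACE</http-method>
    <http-method>HEAD</http-method>
  </web-resource-collection>
  <auth-constraint/>
</security-constraint></web-app>"""

# Servlet 3.0+: the constraint covers every method except the omitted ones.
ALLOW_GET_POST = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>all-but-get-post</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method-omission>GET</http-method-omission>
    <http-method-omission>POST</http-method-omission>
  </web-resource-collection>
  <auth-constraint/>
</security-constraint></web-app>"""

def _kids(el, name):
    # Match on local name so namespaced descriptors parse too.
    return [c for c in el if c.tag.rsplit("}", 1)[-1] == name]
def _texts(el, name):
    return {(c.text or "").strip() for c in _kids(el, name)}

def is_denied(web_xml, method, url_pattern="/*"):
    """True if a deny-all constraint on url_pattern covers this HTTP method."""
    for sc in _kids(ET.fromstring(web_xml), "security-constraint"):
        auth = _kids(sc, "auth-constraint")
        if not auth or _kids(auth[0], "role-name"):
            continue  # no auth-constraint, or roles are allowed: not deny-all
        for wrc in _kids(sc, "web-resource-collection"):
            if url_pattern not in _texts(wrc, "url-pattern"):
                continue
            listed = _texts(wrc, "http-method")
            omitted = _texts(wrc, "http-method-omission")
            if (method not in omitted) if omitted else (not listed or method in listed):
                return True
    return False

def audit(web_xml, methods=("GET", "POST", "HEAD", "OPTIONS", "TRACE", "PUT", "DELETE")):
    return {m: is_denied(web_xml, m) for m in methods}
```

In the first sample PUT and DELETE are not covered by the constraint, while the omission form denies every method except GET and POST.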
#7 Updated by Zahir Abd Latif almost 9 years ago
- Status changed from Pending Customer Feedback to Closed - End of life cycle
- Assignee changed from William Gozali Tan to Zahir Abd Latif
- % Done changed from 0 to 100
Issue closed in SCP.