Activity

From October 19, 2021 to November 17, 2021

November 17, 2021

17:36 Task #12577 (Finished Development): Pentest_CDB - Insecure Direct Object Reference (IDOR) [MED]
Add validation check insert other account number with user account number. Nurul Hasnieza Bt Mohd Zamri

November 16, 2021

09:54 1. CDB_Phase 2 & 3 Development Task #12168 (Development / Work In Progress): [Phase_2] Mobile [IOS] : RFP 1.6 - SOCSO
Preprod version -
System display blank details at authorization.
Nurul Athira Abdul Rahim

November 12, 2021

10:02 1. CDB_Phase 2 & 3 Development Enhancement #12323: UAT_Card - IBAM - To include Corporate Card in BSNeBIZ Report
Tested & passed Nurul Syahirah Md Nawi
10:01 1. CDB_Phase 2 & 3 Development Enhancement #12323 (User Acceptance Test): UAT_Card - IBAM - To include Corporate Card in BSNeBIZ...
Nurul Syahirah Md Nawi

November 11, 2021

14:07 Task #12577 (Development / Work In Progress): Pentest_CDB - Insecure Direct Object Reference (IDO...
Nurul Hasnieza Bt Mohd Zamri
13:54 Internal Testing - IBAM Task #8846 (Closed - End of life cycle): [BSN_IBAM-SIT] : IBAM002 - Authorization (BBE & CBE)
Norhaidah Md Dasuki

November 10, 2021

11:50 Task #12593 (Closed - End of life cycle): Pentest_CDB - Arbitrary Host Header Accepted [INFO]
In many cases, developers are trusting the HTTP Host header value and using it to generate links, import scripts and ... Nurul Athira Abdul Rahim
11:48 Task #12592 (Closed - End of life cycle): Pentest_CDB - TLS/SSL Server Supports The Use of Static...
The server is configured to support ciphers known as static key ciphers. These ciphers don't support "Forward Secrecy... Nurul Athira Abdul Rahim
11:46 Task #12591 (Closed - End of life cycle): Pentest_CDB - TLS/SSL Server Is Using Commonly Used Pri...
The server is using a common or default prime number as a parameter during the Diffie-Hellman key exchange. This make... Nurul Athira Abdul Rahim
11:44 Task #12590 (Closed - End of life cycle): Pentest_CDB - Diffie-Hellman Group Smaller Than 2048 Bi...
The web server uses a Diffie-Hellman group with a prime modulus of less than 2048 bits in length. Current estimates a... Nurul Athira Abdul Rahim
11:43 Task #12589 (Closed - End of life cycle): Pentest_CDB - [POTENTIAL] TLS/SSL Timing Side-Channel A...
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other prod... Nurul Athira Abdul Rahim
11:40 Task #12588 (Closed - End of life cycle): Pentest_CDB - Missing HTTP "Strict-Transport-Security" ...
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify... Nurul Athira Abdul Rahim
11:38 Task #12587 (Closed - End of life cycle): Pentest_CDB - Missing "X-Frame-Options" Header [LOW]
If a page fails to set an appropriate X-Frame-Options header, it might be possible for a page controlled by an attack... Nurul Athira Abdul Rahim
11:36 Task #12586 (Closed - End of life cycle): Pentest_CDB - Missing "X-Content-Type-Options" Header [...
The "X-Content-Type-Options" header (with "nosniff" value) prevents IE and Chrome from ignoring the content-type of a... Nurul Athira Abdul Rahim

November 09, 2021

14:13 Task #12584 (Closed - End of life cycle): Pentest_CDB - Missing "Content-Security-Policy" Header ...
The "Content-Security-Policy" (CSP) header is designed to modify the way browsers render pages, and thus to protect f... Nurul Athira Abdul Rahim
14:11 Task #12583 (Work Completed-End life cycle): Pentest_CDB - No Client-Side Session Timeout [LOW]
The application does not implement client-side session timeout to redirect browser to login or logout page. The lack ... Nurul Athira Abdul Rahim
14:09 Task #12582 (Closed - End of life cycle): Pentest_CDB - OTP Does Not Expire [LOW]
During the application test, LGMS team observed that the last OTP that requested will not expire and will still avail... Nurul Athira Abdul Rahim
14:07 Task #12581 (Closed - End of life cycle): Pentest_CDB - Usable Previously Requested OTP [LOW]
During the application test, LGMS team observed that the old OTPs can be reused. This will increase the chances of an... Nurul Athira Abdul Rahim
14:04 Task #12580 (Rejected - End of life cycle): Pentest_CDB - [POTENTIAL] Malicious File Upload [LOW]
Uploaded files represent a significant risk to applications. Many application's business process allow users to uploa... Nurul Athira Abdul Rahim

November 08, 2021

17:33 Task #12579: Pentest_CDB - Username Enumeration [LOW]
Action Plan:
To confirm with LGMS team on the user. Currently CDB have 2 user SingleUser (With OTP screen) and Initi...
Nurul Athira Abdul Rahim
17:33 Task #12579 (Closed - End of life cycle): Pentest_CDB - Username Enumeration [LOW]
Web applications often reveal when a username exists on system, either as a consequence of mis-configuration or as a ... Nurul Athira Abdul Rahim
17:25 Task #12578 (Development / Work In Progress): Pentest_CDB - TLS Cookie Without Secure Flag Set [MED]
If the Secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypt... Nurul Athira Abdul Rahim
17:19 Task #12577 (Closed - End of life cycle): Pentest_CDB - Insecure Direct Object Reference (IDOR) [...
Insecure direct object reference occurs when an application provides direct access to objects based on user-supplied ... Nurul Athira Abdul Rahim
17:17 Task #12576 (Closed - End of life cycle): Pentest_CDB - Using Components with Known Vulnerabiliti...
During the application test, LGMS security team observed that the libraries used by the application are not up to dat... Nurul Athira Abdul Rahim
17:16 1. CDB_Phase 2 & 3 Development Feature #12190 (Development / Work In Progress): Corporate Card - Statement
Nurul Hasnieza Bt Mohd Zamri
17:14 1. CDB_Phase 2 & 3 Development Enhancement #12323 (Internal Testing): UAT_Card - IBAM - To include Corporate Card in BSNeBIZ Report
Card report has been updated. Kindly retest.
auto generate separated card report has been updated by Najmi.
Kin...
Nurul Hasnieza Bt Mohd Zamri
17:12 Task #12575 (Development / Work In Progress): Pentest_IBAM - HTTP TRACE Method Enabled[INFO]
The HTTP TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests that u... Nurul Athira Abdul Rahim
17:11 Task #12574 (Closed - End of life cycle): Pentest_IBAM - Arbitrary Host Header Accepted [INFO]
In many cases, developers are trusting the HTTP Host header value and using it to generate links, import scripts and ... Nurul Athira Abdul Rahim
17:09 Task #12573 (Closed - End of life cycle): Pentest_IBAM - TLS/SSL Server Supports The Use of Stati...
The server is configured to support ciphers known as static key ciphers. These ciphers don't support "Forward Secrecy... Nurul Athira Abdul Rahim
17:07 Task #12572 (Closed - End of life cycle): Pentest_IBAM - TLS/SSL Server Is Using Commonly Used Pr...
The server is using a common or default prime number as a parameter during the Diffie-Hellman key exchange. This make... Nurul Athira Abdul Rahim
17:06 Task #12571 (Closed - End of life cycle): Pentest_IBAM - Diffie-Hellman Group Smaller Than 2048 B...
The web server uses a Diffie-Hellman group with a prime modulus of less than 2048 bits in length. Current estimates a... Nurul Athira Abdul Rahim
17:04 Task #12570 (Closed - End of life cycle): Pentest_IBAM - [POTENTIAL] TLS/SSL Timing Side-Channel ...
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other prod... Nurul Athira Abdul Rahim
17:02 Task #12569 (Closed - End of life cycle): Pentest_IBAM - Reflected Cross-Site Scripting (XSS) [LOW]
Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the applicati... Nurul Athira Abdul Rahim
17:00 Task #12568 (Closed - End of life cycle): Pentest_IBAM - Insecure Direct Object Reference (IDOR) ...
Insecure direct object reference occurs when an application provides direct access to objects based on user-supplied ... Nurul Athira Abdul Rahim
16:31 Task #12566 (Work Completed-End life cycle): Pentest_IBAM - No Client-Side Session Timeout [LOW]
The application does not implement client-side session timeout to redirect browser to login or logout page. The lack ... Nurul Athira Abdul Rahim
16:29 Task #12564 (Work Completed-End life cycle): Pentest_IBAM - Multiple Concurrent Session Allowed [...
The web application allows multiple simultaneous logons from the same user from different client IP addresses. There ... Nurul Athira Abdul Rahim
16:27 Task #12563 (Work Completed-End life cycle): Pentest_IBAM - Missing HTTP "Strict-Transport-Securi...
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify... Nurul Athira Abdul Rahim
16:25 Task #12562 (Work Completed-End life cycle): Pentest_IBAM - Missing "X-Frame-Options" Header [LOW]
If a page fails to set an appropriate X-Frame-Options header, it might be possible for a page controlled by an attack... Nurul Athira Abdul Rahim
16:23 Task #12561 (Work Completed-End life cycle): Pentest_IBAM - Missing "X-Content-Type-Options" Head...
The "X-Content-Type-Options" header (with "nosniff" value) prevents IE and Chrome from ignoring the content-type of a... Nurul Athira Abdul Rahim
16:21 Task #12560 (Work Completed-End life cycle): Pentest_IBAM - Missing "Content-Security-Policy" Hea...
The "Content-Security-Policy" header is designed to modify the way browsers render pages, and thus to protect from va... Nurul Athira Abdul Rahim
16:19 Task #12559 (Closed - End of life cycle): Pentest_IBAM - Username Enumeration [LOW]
Web applications often reveal when a username exists on system, either as a consequence of mis-configuration or as a ... Nurul Athira Abdul Rahim
16:16 Task #12558 (Work Completed-End life cycle): Pentest_IBAM - Using Components with Known Vulnerabi...
During the application test, LGMS security team observed that the libraries used by the application are not up to dat... Nurul Athira Abdul Rahim
16:14 Task #12557 (Work Completed-End life cycle): Pentest_IBAM - TLS Cookie Without Secure Flag Set [MED]
If the Secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypt... Nurul Athira Abdul Rahim
16:07 Task #12556 (Closed - End of life cycle): Pentest - 2nd Assessment [2021]
List of pentest task IBAM and BSNeBiz Nurul Athira Abdul Rahim
16:06 Task #12555 (Work Completed-End life cycle): Pentest_IBAM - SQL Injection [HIGH]
SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsaf... Nurul Athira Abdul Rahim
09:58 1. CDB_Phase 2 & 3 Development Bug #11900 (Internal Testing): Auto sweep - System not select all selected item
Nurul Hasnieza Bt Mohd Zamri

November 05, 2021

10:25 1. CDB_Phase 2 & 3 Development Bug #12538 (Code Review): Rentas - Changes in IBAM Service Info not reflect in BSNeBIZ
Hi Najmi,
Kindly help me doing code review on this.
Thank you.
----------
Issue:
Certain settings in service i...
Lai Wen Hong

November 03, 2021

16:43 1. CDB_Phase 2 & 3 Development Bug #12537 (Finished Development): Rentas_Web - Add validation to Beneficiary ID field for new & ...
Nurul Hasnieza Bt Mohd Zamri

November 02, 2021

15:45 1. CDB_Phase 2 & 3 Development Bug #12538 (Work Completed-End life cycle): Rentas - Changes in IBAM Service Info not reflect in ...
Path: IBAM > Bank Back End > Content > Service Info
Scenario:
1. Search for *BFUNORR* (New Interbank Rentas Trans...
Nurul Syahirah Md Nawi
13:11 1. CDB_Phase 2 & 3 Development Bug #12537 (Work Completed-End life cycle): Rentas_Web - Add validation to Beneficiary ID field f...
Path: BSNeBIZ Web > Transfer & payment
Scenario:
1. Perform Rentas transaction (new account/favourite account)
2...
Nurul Syahirah Md Nawi
10:38 1. CDB_Phase 2 & 3 Development Task #12396 (Code Review): Rentas - Restful
Hi Najmi,
Kindly help me on code review for this.
Thank you.
----------
Updates:
# In bsn-restful-adapter proj...
Lai Wen Hong

November 01, 2021

18:15 1. CDB_Phase 2 & 3 Development Feature #12395 (Code Review): Rentas - AMLA checking
Hi Najmi,
Kindly help me doing code review on this.
Thank you.
----------
Updates:
AMLA checking is added into...
Lai Wen Hong

October 25, 2021

22:45 1. CDB_Phase 2 & 3 Development Task #12396 (Development / Work In Progress): Rentas - Restful
Updates:
# In bsn-restful project, new request and response beans that may need for RENTAS are added in interbank ...
Lai Wen Hong
18:49 1. CDB_Phase 2 & 3 Development Bug #12071 (Work Completed-End life cycle): Multiple window - System display today date empty
Tested and passed Nurul Athira Abdul Rahim
15:22 1. CDB_Phase 2 & 3 Development Feature #12395: Rentas - AMLA checking
Updates:
# The AMLA checking is set into RENTAS transaction before proceeding to confirm page.
# There are few va...
Lai Wen Hong
15:13 1. CDB_Phase 2 & 3 Development Bug #12386 (Work Completed-End life cycle): Corporate Card - "null" is displayed at Transfer Mode...
Tested & passed Nurul Syahirah Md Nawi
14:19 1. CDB_Phase 2 & 3 Development Bug #12386 (Internal Testing): Corporate Card - "null" is displayed at Transfer Mode field of Ver...
Issue has been fixed. SIT deploy on 25/10/2021.
Kindly retest.
Nurul Hasnieza Bt Mohd Zamri

October 22, 2021

13:36 1. CDB_Phase 2 & 3 Development Feature #12265 (Work Completed-End life cycle): Multiple Batch - To add detail window time and t...
Tested and passed Nurul Athira Abdul Rahim
13:34 1. CDB_Phase 2 & 3 Development Bug #12295 (Work Completed-End life cycle): SIT [Multiple Batch] - No enter amount button display
Tested and passed Nurul Athira Abdul Rahim