Activity

From November 07, 2021 to December 06, 2021

December 06, 2021

19:27 Task #12583 (Development / Work In Progress): Pentest_CDB - No Client-Side Session Timeout [LOW]
To standardize the end screen with IBAM Nurul Athira Abdul Rahim
18:59 Task #12579 (System Integration Test): Pentest_CDB - Username Enumeration [LOW]
JTM to justify Nurul Athira Abdul Rahim
18:58 Task #12577 (System Integration Test): Pentest_CDB - Insecure Direct Object Reference (IDOR) [MED]
SIT to verify Nurul Athira Abdul Rahim
18:53 Task #12566 (System Integration Test): Pentest_IBAM - No Client-Side Session Timeout [LOW]
Tested and passed in SIT Nurul Athira Abdul Rahim
18:49 1. CDB_Phase 2 & 3 Development Bug #12663 (Work Completed-End life cycle): Rentas_Android - Need to click option twice in popup ...
Path: BSNeBIZ > Payment & Transfer
Scenario:
1. Perform IBG transaction
2. Enter amount which exceeded IBG limit...
Nurul Syahirah Md Nawi
18:26 1. CDB_Phase 2 & 3 Development Bug #12661 (Development / Work In Progress): Rentas_Android - Add validation to Recipient Referen...
Rahmat Aina Nadia
18:26 1. CDB_Phase 2 & 3 Development Bug #12662 (Development / Work In Progress): Rentas_Android - Add validation to Beneficiary ID fi...
Rahmat Aina Nadia
17:47 Task #12559 (System Integration Test): Pentest_IBAM - Username Enumeration [LOW]
Tested and passed on SIT
Nurul Athira Abdul Rahim
16:38 1. CDB_Phase 2 & 3 Development Bug #12662 (Work Completed-End life cycle): Rentas_Android - Add validation to Beneficiary ID fie...
Path: BSNeBIZ > Payment & Transfer
Scenario:
1. Perform *New Rentas transaction*/ *Favourite Rentas transaction*
...
Nurul Syahirah Md Nawi
15:32 1. CDB_Phase 2 & 3 Development Bug #12660 (Internal Testing): Rentas_Web - Add Rentas option at Transfer Type
Issue:
Display shows BSN/DuitNow/IBG without RENTAS
Finding:
RENTAS was not added
Solution:
Added RENTAS in...
Lai Wen Hong
15:31 1. CDB_Phase 2 & 3 Development Bug #12661 (Work Completed-End life cycle): Rentas_Android - Add validation to Recipient Referenc...
Path: BSNeBIZ > Payment & Transfer
Scenario:
1. Perform New *Rentas transaction*/ *Favourite Rentas transaction*
...
Nurul Syahirah Md Nawi
13:24 1. CDB_Phase 2 & 3 Development Bug #12660 (Work Completed-End life cycle): Rentas_Web - Add Rentas option at Transfer Type
Path: BSNeBIZ > Transfer & Payment
Scenario:
1. Select Transfer Type
Current:
BSN/DuitNow/IBG
Expected:
B...
Nurul Syahirah Md Nawi

December 02, 2021

06:18 1. CDB_Phase 2 & 3 Development Task #12636 (Code Review): Rentas_IBAM - To Add Rentas Daily Report & Rentas Exception Report in ...
Issue:
No option for Rentas Daily Report & Rentas Exception Report
Finding:
No keys and values of Rentas Daily R...
Lai Wen Hong

December 01, 2021

15:23 1. CDB_Phase 2 & 3 Development Bug #12622 (Work Completed-End life cycle): Rentas_Web - Rentas Fees not deducted & display diffe...
Tested & passed Nurul Syahirah Md Nawi
15:02 1. CDB_Phase 2 & 3 Development Bug #12621 (Work Completed-End life cycle): Rentas_Web - System display error message in Approver...
Tested & passed Nurul Syahirah Md Nawi
10:25 1. CDB_Phase 2 & 3 Development Bug #12623 (Work Completed-End life cycle): Rentas_Web - Beneficiary ID type display as number in...
Tested & passed Nurul Syahirah Md Nawi
09:54 1. CDB_Phase 2 & 3 Development Bug #12623 (Internal Testing): Rentas_Web - Beneficiary ID type display as number in confirmation...
Nurul Syahirah Md Nawi
09:54 1. CDB_Phase 2 & 3 Development Bug #12622 (Internal Testing): Rentas_Web - Rentas Fees not deducted & display different from IBA...
Nurul Syahirah Md Nawi
09:47 1. CDB_Phase 2 & 3 Development Bug #12621 (Internal Testing): Rentas_Web - System display error message in Approver screen when ...
Nurul Syahirah Md Nawi
09:47 1. CDB_Phase 2 & 3 Development Bug #12538 (Internal Testing): Rentas - Changes in IBAM Service Info not reflect in BSNeBIZ
Nurul Syahirah Md Nawi

November 30, 2021

16:03 Task #12568 (Finished Development): Pentest_IBAM - Insecure Direct Object Reference (IDOR) [LOW]
Add validation check with deleted group. Add query criteria restriction equals to deleted FALSE filtering to get the ... Nurul Hasnieza Bt Mohd Zamri
14:41 Task #12576 (Development / Work In Progress): Pentest_CDB - Using Components with Known Vulnerabi...
Najmi Pasarudin
13:32 Task #12566 (Internal Testing): Pentest_IBAM - No Client-Side Session Timeout [LOW]
SIT has been deployed. Kindly retest. Nurul Hasnieza Bt Mohd Zamri
13:31 Task #12583 (Internal Testing): Pentest_CDB - No Client-Side Session Timeout [LOW]
SIT has been deployed. Kindly retest. Nurul Hasnieza Bt Mohd Zamri
13:29 Task #12577 (Internal Testing): Pentest_CDB - Insecure Direct Object Reference (IDOR) [MED]
SIT has been deployed. Kindly retest.
Replace url accountNo parameter with invalid account number. Will prompt inv...
Nurul Hasnieza Bt Mohd Zamri
13:26 Task #12559 (Internal Testing): Pentest_IBAM - Username Enumeration [LOW]
SIT has been deployed. Kindly retest. Nurul Hasnieza Bt Mohd Zamri
12:10 Task #12579 (Internal Testing): Pentest_CDB - Username Enumeration [LOW]
Does not need to be fixed because CDB has 2 users and
default page for invalid user is displayed without an OTP.
Nurul Hasnieza Bt Mohd Zamri

November 29, 2021

18:04 1. CDB_Phase 2 & 3 Development Task #12636 (Work Completed-End life cycle): Rentas_IBAM - To Add Rentas Daily Report & Rentas Ex...
Path: IBAM > Corporate Back End > BSNeBIZ Report
Scenario:
1. In Advance Search, select Report Type
Current:
...
Nurul Syahirah Md Nawi

November 25, 2021

16:13 Task #12583 (Finished Development): Pentest_CDB - No Client-Side Session Timeout [LOW]
Nurul Hasnieza Bt Mohd Zamri
10:24 1. CDB_Phase 2 & 3 Development Bug #12621 (Code Review): Rentas_Web - System display error message in Approver screen when using...
Issue:
System display error message in Approver screen when using Organization Specific & Tier Charges
Finding:
...
Lai Wen Hong
09:50 1. CDB_Phase 2 & 3 Development Bug #12392 (Work Completed-End life cycle): Rentas - Popup issue
Follow test steps to set max limit for ibg.
Tested & passed
Nurul Syahirah Md Nawi
09:34 1. CDB_Phase 2 & 3 Development Bug #12392: Rentas - Popup issue
Hi Sya, please update the status of this issue. Thanks Nurul Athira Abdul Rahim

November 24, 2021

22:50 1. CDB_Phase 2 & 3 Development Bug #12622 (Code Review): Rentas_Web - Rentas Fees not deducted & display different from IBAM set...
Issue:
Rentas Fees not deducted & display different from IBAM setting
Finding:
RENTAS transaction takes values f...
Lai Wen Hong
22:35 1. CDB_Phase 2 & 3 Development Bug #12623 (Code Review): Rentas_Web - Beneficiary ID type display as number in confirmation & re...
Issue:
Beneficiary ID type display as number in confirmation & result page of Verifier & Approver
Finding:
Confi...
Lai Wen Hong
15:27 1. CDB_Phase 2 & 3 Development Bug #12623 (Work Completed-End life cycle): Rentas_Web - Beneficiary ID type display as number in...
Path: BSNeBIZ > Payment & Transfer
Scenario:
1. Perform Rentas transaction
2. Verify & approve Rentas transacti...
Nurul Syahirah Md Nawi
15:10 1. CDB_Phase 2 & 3 Development Bug #12537 (Work Completed-End life cycle): Rentas_Web - Add validation to Beneficiary ID field f...
Tested & passed Nurul Syahirah Md Nawi
14:24 1. CDB_Phase 2 & 3 Development Bug #12622 (Work Completed-End life cycle): Rentas_Web - Rentas Fees not deducted & display diffe...
Path: IBAM > CBE > Organization Setup > Online Payment Charges
Scenario:
1. Select Edit button
2. In Interbank T...
Nurul Syahirah Md Nawi
14:01 1. CDB_Phase 2 & 3 Development Bug #12621 (Work Completed-End life cycle): Rentas_Web - System display error message in Approver...
Path: IBAM > CBE > Organization Setup > Online Payment Charges
Scenario:
1. Select Edit button
2. In Interbank T...
Nurul Syahirah Md Nawi
13:25 Task #12566 (Finished Development): Pentest_IBAM - No Client-Side Session Timeout [LOW]
Nurul Hasnieza Bt Mohd Zamri

November 22, 2021

15:02 1. CDB_Phase 2 & 3 Development Task #12168 (Work Completed-End life cycle): [Phase_2] Mobile [IOS] : RFP 1.6 - SOCSO
Merging issue. Tested and passed by Azyan. Nurul Athira Abdul Rahim

November 18, 2021

15:59 1. CDB_Phase 2 & 3 Development Bug #12537 (Internal Testing): Rentas_Web - Add validation to Beneficiary ID field for new & favo...
SIT has been deployed. Kindly retest. Nurul Hasnieza Bt Mohd Zamri
11:19 Task #12559 (Finished Development): Pentest_IBAM - Username Enumeration [LOW]
Updated error message "username not found", standardized to "Invalid username or password". Nurul Hasnieza Bt Mohd Zamri

November 17, 2021

17:36 Task #12577 (Finished Development): Pentest_CDB - Insecure Direct Object Reference (IDOR) [MED]
Add validation check insert other account number with user account number. Nurul Hasnieza Bt Mohd Zamri

November 16, 2021

09:54 1. CDB_Phase 2 & 3 Development Task #12168 (Development / Work In Progress): [Phase_2] Mobile [IOS] : RFP 1.6 - SOCSO
Preprod version -
System display blank details at authorization.
Nurul Athira Abdul Rahim

November 12, 2021

10:02 1. CDB_Phase 2 & 3 Development Enhancement #12323: UAT_Card - IBAM - To include Corporate Card in BSNeBIZ Report
Tested & passed Nurul Syahirah Md Nawi
10:01 1. CDB_Phase 2 & 3 Development Enhancement #12323 (User Acceptance Test): UAT_Card - IBAM - To include Corporate Card in BSNeBIZ...
Nurul Syahirah Md Nawi

November 11, 2021

14:07 Task #12577 (Development / Work In Progress): Pentest_CDB - Insecure Direct Object Reference (IDO...
Nurul Hasnieza Bt Mohd Zamri
13:54 Internal Testing - IBAM Task #8846 (Closed - End of life cycle): [BSN_IBAM-SIT] : IBAM002 - Authorization (BBE & CBE)
Norhaidah Md Dasuki

November 10, 2021

11:50 Task #12593 (Closed - End of life cycle): Pentest_CDB - Arbitrary Host Header Accepted [INFO]
In many cases, developers are trusting the HTTP Host header value and using it to generate links, import scripts and ... Nurul Athira Abdul Rahim
11:48 Task #12592 (Closed - End of life cycle): Pentest_CDB - TLS/SSL Server Supports The Use of Static...
The server is configured to support ciphers known as static key ciphers. These ciphers don't support "Forward Secrecy... Nurul Athira Abdul Rahim
11:46 Task #12591 (Closed - End of life cycle): Pentest_CDB - TLS/SSL Server Is Using Commonly Used Pri...
The server is using a common or default prime number as a parameter during the Diffie-Hellman key exchange. This make... Nurul Athira Abdul Rahim
11:44 Task #12590 (Closed - End of life cycle): Pentest_CDB - Diffie-Hellman Group Smaller Than 2048 Bi...
The web server uses a Diffie-Hellman group with a prime modulus of less than 2048 bits in length. Current estimates a... Nurul Athira Abdul Rahim
11:43 Task #12589 (Closed - End of life cycle): Pentest_CDB - [POTENTIAL] TLS/SSL Timing Side-Channel A...
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other prod... Nurul Athira Abdul Rahim
11:40 Task #12588 (Closed - End of life cycle): Pentest_CDB - Missing HTTP "Strict-Transport-Security" ...
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify... Nurul Athira Abdul Rahim
11:38 Task #12587 (Closed - End of life cycle): Pentest_CDB - Missing "X-Frame-Options" Header [LOW]
If a page fails to set an appropriate X-Frame-Options header, it might be possible for a page controlled by an attack... Nurul Athira Abdul Rahim
11:36 Task #12586 (Closed - End of life cycle): Pentest_CDB - Missing "X-Content-Type-Options" Header [...
The "X-Content-Type-Options" header (with "nosniff" value) prevents IE and Chrome from ignoring the content-type of a... Nurul Athira Abdul Rahim

November 09, 2021

14:13 Task #12584 (Closed - End of life cycle): Pentest_CDB - Missing "Content-Security-Policy" Header ...
The "Content-Security-Policy" (CSP) header is designed to modify the way browsers render pages, and thus to protect f... Nurul Athira Abdul Rahim
14:11 Task #12583 (Work Completed-End life cycle): Pentest_CDB - No Client-Side Session Timeout [LOW]
The application does not implement client-side session timeout to redirect browser to login or logout page. The lack ... Nurul Athira Abdul Rahim
14:09 Task #12582 (Closed - End of life cycle): Pentest_CDB - OTP Does Not Expire [LOW]
During the application test, LGMS team observed that the last OTP that requested will not expire and will still avail... Nurul Athira Abdul Rahim
14:07 Task #12581 (Closed - End of life cycle): Pentest_CDB - Usable Previously Requested OTP [LOW]
During the application test, LGMS team observed that the old OTPs can be reused. This will increase the chances of an... Nurul Athira Abdul Rahim
14:04 Task #12580 (Rejected - End of life cycle): Pentest_CDB - [POTENTIAL] Malicious File Upload [LOW]
Uploaded files represent a significant risk to applications. Many application's business process allow users to uploa... Nurul Athira Abdul Rahim

November 08, 2021

17:33 Task #12579: Pentest_CDB - Username Enumeration [LOW]
Action Plan:
To confirm with LGMS team on the user. Currently CDB have 2 user SingleUser (With OTP screen) and Initi...
Nurul Athira Abdul Rahim
17:33 Task #12579 (Closed - End of life cycle): Pentest_CDB - Username Enumeration [LOW]
Web applications often reveal when a username exists on system, either as a consequence of mis-configuration or as a ... Nurul Athira Abdul Rahim
17:25 Task #12578 (Development / Work In Progress): Pentest_CDB - TLS Cookie Without Secure Flag Set [MED]
If the Secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypt... Nurul Athira Abdul Rahim
17:19 Task #12577 (Closed - End of life cycle): Pentest_CDB - Insecure Direct Object Reference (IDOR) [...
Insecure direct object reference occurs when an application provides direct access to objects based on user-supplied ... Nurul Athira Abdul Rahim
17:17 Task #12576 (Closed - End of life cycle): Pentest_CDB - Using Components with Known Vulnerabiliti...
During the application test, LGMS security team observed that the libraries used by the application are not up to dat... Nurul Athira Abdul Rahim
17:16 1. CDB_Phase 2 & 3 Development Feature #12190 (Development / Work In Progress): Corporate Card - Statement
Nurul Hasnieza Bt Mohd Zamri
17:14 1. CDB_Phase 2 & 3 Development Enhancement #12323 (Internal Testing): UAT_Card - IBAM - To include Corporate Card in BSNeBIZ Report
Card report has been updated. Kindly retest.
Auto-generated separate card report has been updated by Najmi.
Kin...
Nurul Hasnieza Bt Mohd Zamri
17:12 Task #12575 (Development / Work In Progress): Pentest_IBAM - HTTP TRACE Method Enabled[INFO]
The HTTP TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests that u... Nurul Athira Abdul Rahim
17:11 Task #12574 (Closed - End of life cycle): Pentest_IBAM - Arbitrary Host Header Accepted [INFO]
In many cases, developers are trusting the HTTP Host header value and using it to generate links, import scripts and ... Nurul Athira Abdul Rahim
17:09 Task #12573 (Closed - End of life cycle): Pentest_IBAM - TLS/SSL Server Supports The Use of Stati...
The server is configured to support ciphers known as static key ciphers. These ciphers don't support "Forward Secrecy... Nurul Athira Abdul Rahim
17:07 Task #12572 (Closed - End of life cycle): Pentest_IBAM - TLS/SSL Server Is Using Commonly Used Pr...
The server is using a common or default prime number as a parameter during the Diffie-Hellman key exchange. This make... Nurul Athira Abdul Rahim
17:06 Task #12571 (Closed - End of life cycle): Pentest_IBAM - Diffie-Hellman Group Smaller Than 2048 B...
The web server uses a Diffie-Hellman group with a prime modulus of less than 2048 bits in length. Current estimates a... Nurul Athira Abdul Rahim
17:04 Task #12570 (Closed - End of life cycle): Pentest_IBAM - [POTENTIAL] TLS/SSL Timing Side-Channel ...
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other prod... Nurul Athira Abdul Rahim
17:02 Task #12569 (Closed - End of life cycle): Pentest_IBAM - Reflected Cross-Site Scripting (XSS) [LOW]
Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the applicati... Nurul Athira Abdul Rahim
17:00 Task #12568 (Closed - End of life cycle): Pentest_IBAM - Insecure Direct Object Reference (IDOR) ...
Insecure direct object reference occurs when an application provides direct access to objects based on user-supplied ... Nurul Athira Abdul Rahim
16:31 Task #12566 (Work Completed-End life cycle): Pentest_IBAM - No Client-Side Session Timeout [LOW]
The application does not implement client-side session timeout to redirect browser to login or logout page. The lack ... Nurul Athira Abdul Rahim
16:29 Task #12564 (Work Completed-End life cycle): Pentest_IBAM - Multiple Concurrent Session Allowed [...
The web application allows multiple simultaneous logons from the same user from different client IP addresses. There ... Nurul Athira Abdul Rahim
16:27 Task #12563 (Work Completed-End life cycle): Pentest_IBAM - Missing HTTP "Strict-Transport-Securi...
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify... Nurul Athira Abdul Rahim
16:25 Task #12562 (Work Completed-End life cycle): Pentest_IBAM - Missing "X-Frame-Options" Header [LOW]
If a page fails to set an appropriate X-Frame-Options header, it might be possible for a page controlled by an attack... Nurul Athira Abdul Rahim
16:23 Task #12561 (Work Completed-End life cycle): Pentest_IBAM - Missing "X-Content-Type-Options" Head...
The "X-Content-Type-Options" header (with "nosniff" value) prevents IE and Chrome from ignoring the content-type of a... Nurul Athira Abdul Rahim
16:21 Task #12560 (Work Completed-End life cycle): Pentest_IBAM - Missing "Content-Security-Policy" Hea...
The "Content-Security-Policy" header is designed to modify the way browsers render pages, and thus to protect from va... Nurul Athira Abdul Rahim
16:19 Task #12559 (Closed - End of life cycle): Pentest_IBAM - Username Enumeration [LOW]
Web applications often reveal when a username exists on system, either as a consequence of mis-configuration or as a ... Nurul Athira Abdul Rahim
16:16 Task #12558 (Work Completed-End life cycle): Pentest_IBAM - Using Components with Known Vulnerabi...
During the application test, LGMS security team observed that the libraries used by the application are not up to dat... Nurul Athira Abdul Rahim
16:14 Task #12557 (Work Completed-End life cycle): Pentest_IBAM - TLS Cookie Without Secure Flag Set [MED]
If the Secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypt... Nurul Athira Abdul Rahim
16:07 Task #12556 (Closed - End of life cycle): Pentest - 2nd Assessment [2021]
List of pentest task IBAM and BSNeBiz Nurul Athira Abdul Rahim
16:06 Task #12555 (Work Completed-End life cycle): Pentest_IBAM - SQL Injection [HIGH]
SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsaf... Nurul Athira Abdul Rahim
09:58 1. CDB_Phase 2 & 3 Development Bug #11900 (Internal Testing): Auto sweep - System not select all selected item
Nurul Hasnieza Bt Mohd Zamri