Activity
From April 16, 2022 to May 15, 2022
May 13, 2022
- 17:50 Task #12990 (Development / Work In Progress): [IOS] - Pentest - L13 - App Transport Security (ATS...
May 12, 2022
- 17:31 Support #12961: [SCP ID :##6267##] : Fail receipt shown at Auto Debit Billing
- Tested & passed
- 14:12 Support #12936: [SCP ID :##6250##] : Web Application Pentest Remediation
- Add new H1 and M1 test result.
H1-screenshot from Firefox
M1-screenshot of removed unsecured library - 14:05 Task #12984 (Internal Testing): Pentest - L8 - Parameter Tampering (Generate PDF)
- Issue:
Receipt PDF restful parameter can be modified
Finding:
Solution: Generate PDF parameter at middle-servic... - 14:00 Support #12832 (User Acceptance Test): [SCP ID :##6168##] : Generate Report failed when select State
- Hi Athira,
Item is ready for UAT. - 14:00 Support #12832 (Development / Work In Progress): [SCP ID :##6168##] : Generate Report failed when...
- 14:00 Support #12832 (Code Review): [SCP ID :##6168##] : Generate Report failed when select State
- 13:59 Support #12775 (User Acceptance Test): [SCP ID :##6126##] : BSNeBiz Report for DuitNow - RFT115320
- Hi Athira,
Item is ready for UAT. - 13:59 Support #12775 (Development / Work In Progress): [SCP ID :##6126##] : BSNeBiz Report for DuitNow ...
- 13:59 Support #12775 (Code Review): [SCP ID :##6126##] : BSNeBiz Report for DuitNow - RFT115320
- 13:58 Support #12282 (User Acceptance Test): [SCP ID :##5970##] : IBAM Report - Transactional Summary
- Hi Athira,
Item is ready for UAT. - 13:58 Support #12282 (Development / Work In Progress): [SCP ID :##5970##] : IBAM Report - Transactional...
- 13:58 Support #12282 (Code Review): [SCP ID :##5970##] : IBAM Report - Transactional Summary
- 13:37 Support #12788 (User Acceptance Test): [SCP ID :##6139##] : B2B Posting Date Validation
- Hi Athira,
This item has been deployed to UAT. - 13:36 Support #12788 (Development / Work In Progress): [SCP ID :##6139##] : B2B Posting Date Validation
- 13:36 Support #12788 (Code Review): [SCP ID :##6139##] : B2B Posting Date Validation
- 13:15 Task #12979 (Development / Work In Progress): [IOS] - L5 - Application Backgrounding (Unintended ...
- 12:49 Support #12961 (Internal Testing): [SCP ID :##6267##] : Fail receipt shown at Auto Debit Billing
- Hi Athira,
Redmine has been updated to SIT. Please test. - 12:48 Support #12961 (Development / Work In Progress): [SCP ID :##6267##] : Fail receipt shown at Auto ...
- 12:48 Support #12961 (Code Review): [SCP ID :##6267##] : Fail receipt shown at Auto Debit Billing
- 12:48 Support #12961: [SCP ID :##6267##] : Fail receipt shown at Auto Debit Billing
- Issue:
Auto Debit file upload status is Pending Validate but the receipt stamp shows Failed
Finding:
Receipt doe... - 12:19 Support #12282 (Pending UAT Deployment): [SCP ID :##5970##] : IBAM Report - Transactional Summary
- Tested and passed by Firas on 11/5/22.
Kindly prepare the fixes and deploy to UAT environment - 12:18 Support #12775 (Pending UAT Deployment): [SCP ID :##6126##] : BSNeBiz Report for DuitNow - RFT115320
- Tested and passed by Firas on 11/5/22.
Kindly prepare the fixes and deploy to UAT environment - 12:17 Support #12788 (Pending UAT Deployment): [SCP ID :##6139##] : B2B Posting Date Validation
- Tested and passed by Firas on 11/5/22, kindly prepare the fixes to deploy to UAT environment.
- 12:16 Support #12936 (Pending UAT Deployment): [SCP ID :##6250##] : Web Application Pentest Remediation
- Tested and passed by Firas on 11/5/22
Kindly deploy the fixes to UAT environment - 12:14 Support #12832 (Pending UAT Deployment): [SCP ID :##6168##] : Generate Report failed when select ...
- Tested and passed by Firas on 11/5/22
Please deploy the changes to UAT environment - 11:56 Task #12989 (Development / Work In Progress): [IOS] - Pentest - L12 - Overly Permissive Permission
- 11:36 Task #12988 (Development / Work In Progress): [ANDROID] - Pentest - L12 - Overly Permissive Permi...
- 10:16 Support #12813: [SCP ID :##6150##] : Duitnow Immediate Reversal Error Code Mapping and special ch...
- Tested & passed
May 11, 2022
- 13:53 Support #12759 (System Integration Test): [SCP ID :##6113##] : IBAM Report Enhancement
- 13:48 Task #12944 (System Integration Test): [SCP ID :##6249##] : Mobile Pentest Remediation M1 Insecur...
- 13:48 Task #12943 (System Integration Test): [SCP ID :##6249##] : Mobile Pentest Remediation M1 Insecur...
- 13:47 Support #12937 (System Integration Test): [SCP ID :##6251##] : Stop Payment / Reversal Maker Che...
- 11:58 Task #12992 (User Acceptance Test): [ANDROID] - Pentest - I2 - Application Screenshot (Unintended...
- The application allows users to take a screenshot of the application's current state on their mobile device. Data may...
- 11:56 Task #12991 (User Acceptance Test): [ANDROID] - Pentest - I1 - Application Allows Use of Third-Pa...
- The application allows the use of third-party keyboards when entering sensitive data. A malicious third-party keyboar...
- 10:40 Task #12990 (User Acceptance Test): [IOS] - Pentest - L13 - App Transport Security (ATS) Exceptio...
- On Apple platforms, a networking security feature called App Transport Security (ATS) is available to apps and app ex...
- 10:38 Task #12989 (User Acceptance Test): [IOS] - Pentest - L12 - Overly Permissive Permission
- Mobile operating system assigns every installed application with a distinct system identity (Linux user ID and group ...
- 10:37 Task #12988 (User Acceptance Test): [ANDROID] - Pentest - L12 - Overly Permissive Permission
- Mobile operating system assigns every installed application with a distinct system identity (Linux user ID and group ...
- 10:33 Task #12987 (Pending UAT Deployment): [ANDROID] - Pentest - L11 - Android Application Supports Cl...
- The Android "clearTextTrafficPermitted" property is set to true in the application's Network Security Configuration f...
- 10:31 Task #12986 (Pending UAT Deployment): Pentest - L10 - Circumvention of Workflow (OTP Bypass)
- During the application test, LGMS security team observed that it was possible to circumvent process workflows and byp...
- 10:29 Task #12985 (Internal Testing): [SCP ID :##6249##] : Mobile Pentest Remediation - Pentest - L9 - ...
- DuitNow fund transfers will look up the DuitNow ID and display the recipient's full name to allow the sender to verif...
- 09:56 Task #12980 (Pending SIT Deployment): Pentest - L6 - Local Biometric Authentication Bypass
- Similar to Support #12968
- 09:56 Task #12968 (Pending SIT Deployment): [SCP ID :##6249##] : Mobile Pentest Remediation L1 Missing ...
- 09:45 Support #12961 (Pending SIT Deployment): [SCP ID :##6267##] : Fail receipt shown at Auto Debit Bi...
- 09:45 Support #12959 (Pending SIT Deployment): [SCP ID :##6266##] : DuitNow error
- 09:44 Task #12984 (Pending SIT Deployment): Pentest - L8 - Parameter Tampering (Generate PDF)
- 09:17 Task #12984 (Development / Work In Progress): Pentest - L8 - Parameter Tampering (Generate PDF)
May 10, 2022
- 16:39 Task #12984 (User Acceptance Test): Pentest - L8 - Parameter Tampering (Generate PDF)
- At the time of assessment, LGMS security team identified that it is possible to generate a PDF receipt with tampered ...
- 16:36 Task #12983 (Pending UAT Deployment): [IOS] - Pentest - L7 - Packet Replay (Fund Transfer)
- During the time of assessment, LGMS security team identified that packet replay for the fund transfer function is pos...
- 16:35 Task #12982 (User Acceptance Test): [ANDROID] - Pentest - L7 - Packet Replay (Fund Transfer)
- During the time of assessment, LGMS security team identified that packet replay for the fund transfer function is pos...
- 16:34 Task #12981 (Dropped-End of life cycle): Pentest - L7 - Packet Replay (Fund Transfer)
- During the time of assessment, LGMS security team identified that packet replay for the fund transfer function is pos...
- 16:32 Task #12980 (Internal Testing): Pentest - L6 - Local Biometric Authentication Bypass
- At the time of assessment, LGMS security team successfully bypassed the application's local biometric authentication ...
- 16:30 Task #12979 (User Acceptance Test): [IOS] - L5 - Application Backgrounding (Unintended Data Leakage)
- Application that are minimized are in a suspended state. Mobile application caches a screenshot of the last screen of...
- 16:26 Task #12978 (Development / Work In Progress): [IOS] - L4 - Missing Certificate/ Public Key Pinning
- Pinning is the process of associating a host with their expected X509 certificate or public key. Once a certificate o...
- 16:25 Task #12977 (Finished Development): [ANDROID] - L4 - Missing Certificate/ Public Key Pinning
- Pinning is the process of associating a host with their expected X509 certificate or public key. Once a certificate o...
- 16:23 Task #12976 (User Acceptance Test): [IOS] - L3 - Sensitive Information Leaked in Logs (Unintended...
- Unintended data leakage occurs when a developer inadvertently places sensitive information or data in a location on t...
- 16:22 Task #12975 (User Acceptance Test): [ANDROID] - L3 - Sensitive Information Leaked in Logs (Uninte...
- Unintended data leakage occurs when a developer inadvertently places sensitive information or data in a location on t...
- 16:19 Task #12974 (User Acceptance Test): [ANDROID] - Pentest - L2 No Server-Side Session Termination
- At the time of assessment, LGMS security team identified that it is possible to access password protected functions u...
- 16:18 Task #12973 (User Acceptance Test): [IOS] Pentest - L2 No Server-Side Session Termination
- At the time of assessment, LGMS security team identified that it is possible to access password protected functions u...
- 16:15 Task #12972 (Pending UAT Deployment): Pentest - L2 No Server-Side Session Termination
- At the time of assessment, LGMS security team identified that it is possible to access password protected functions u...
- 14:02 Support #12961 (Development / Work In Progress): [SCP ID :##6267##] : Fail receipt shown at Auto ...
- 14:02 Support #12959 (Development / Work In Progress): [SCP ID :##6266##] : DuitNow error
- 10:06 Task #12968 (Development / Work In Progress): [SCP ID :##6249##] : Mobile Pentest Remediation L1 ...
- 10:05 Task #12968 (Internal Testing): [SCP ID :##6249##] : Mobile Pentest Remediation L1 Missing Functi...
- Issue: Restful allows Payment and eStatement without password login
Finding: Restful relies on mobile password login... - 09:37 Change #12942: [SCP ID :##6254##] : Delete button for New Application navigation.
- Salam Hasnieza,
Please help to develop this enhancement.
Thank you.
May 09, 2022
- 12:51 Support #12937: [SCP ID :##6251##] : Stop Payment / Reversal Maker Checker
- Tested & passed
April 29, 2022
- 17:59 Support #12948: [SCP ID :##6256##] : Transaction History for 1Bank Lodgment Project
- Tested & passed
- 12:54 Support #12961 (Work Completed-End life cycle): [SCP ID :##6267##] : Fail receipt shown at Auto D...
- Hi,
Kindly attend below request:-
Auto Debit Billing - File Upload gave Fail receipt but the transaction is succe... - 12:18 Task #12944: [SCP ID :##6249##] : Mobile Pentest Remediation M1 Insecure Direct Object Reference ...
- Tested & passed
- 12:13 Task #12944 (Internal Testing): [SCP ID :##6249##] : Mobile Pentest Remediation M1 Insecure Direc...
- 11:33 Change #12942 (Development / Work In Progress): [SCP ID :##6254##] : Delete button for New Applic...
- 11:13 Support #12959 (Closed - End of life cycle): [SCP ID :##6266##] : DuitNow error
- Hi,
Kindly attend below request:-
Duitnow error due to Unsynchronized time at APP1 server.
April 28, 2022
- 00:09 Support #12948 (Internal Testing): [SCP ID :##6256##] : Transaction History for 1Bank Lodgment P...
- Simulation testing:
# Enable 2 company account with one of them is Giro-i
# Access BSNeBiz and make an Own account ... - 00:02 Support #12948 (Development / Work In Progress): [SCP ID :##6256##] : Transaction History for 1B...
- 00:01 Support #12948 (Finished Development): [SCP ID :##6256##] : Transaction History for 1Bank Lodgme...
- 13:22 Support #12937 (Internal Testing): [SCP ID :##6251##] : Stop Payment / Reversal Maker Checker
- 10:53 Support #12937 (Development / Work In Progress): [SCP ID :##6251##] : Stop Payment / Reversal Ma...
- 10:53 Support #12937 (Finished Development): [SCP ID :##6251##] : Stop Payment / Reversal Maker Checker
April 27, 2022
- 16:19 Task #12944: [SCP ID :##6249##] : Mobile Pentest Remediation M1 Insecure Direct Object Reference ...
- Please test pentest the build 270 (VPN Penril) and build 271 (internal BSN)
- 14:44 Support #12890 (Pending Prod Deployment): [SCP ID :##6220##] : Update backup program
- Tested and passed by Asrul on 250422
- 14:43 Support #12904 (Pending Prod Deployment): [SCP ID :##6233##] : Add & as valid special char in Fil...
- Tested and passed by Asrul on 250422
- 14:42 Support #12907 (Pending Prod Deployment): [SCP ID :##6236##] : DB CPU High
- Tested and passed by Asrul on 250422
April 26, 2022
- 02:17 Support #12948 (Pending SIT Deployment): [SCP ID :##6256##] : Transaction History for 1Bank Lodg...
- 00:20 Support #12937 (Pending SIT Deployment): [SCP ID :##6251##] : Stop Payment / Reversal Maker Checker
- Issue:
Error at IBAM Pending/Approval Stop/Reverse Detail Payment
Finding:
IBAM code failed to generate details ... - 16:43 Change #12942: [SCP ID :##6254##] : Delete button for New Application navigation.
- To review
- 12:11 Task #12943: [SCP ID :##6249##] : Mobile Pentest Remediation M1 Insecure Direct Object Reference ...
- Tested & passed
April 25, 2022
- 17:17 Support #12937 (Development / Work In Progress): [SCP ID :##6251##] : Stop Payment / Reversal Ma...
- 16:03 Support #12948 (System Integration Test): [SCP ID :##6256##] : Transaction History for 1Bank Lod...
- Hi,
Kindly attend below request:-
Transaction history to contain:
1. Transaction date -done
2. Organization Cod... - 14:20 Task #12943 (Internal Testing): [SCP ID :##6249##] : Mobile Pentest Remediation M1 Insecure Direc...
- 11:13 Task #12943 (Development / Work In Progress): [SCP ID :##6249##] : Mobile Pentest Remediation M1 ...
April 22, 2022
- 17:01 Task #12944 (Pending UAT Deployment): [SCP ID :##6249##] : Mobile Pentest Remediation M1 Insecure...
- Hi Felix, please update APK with the following requirment.
-no changes
IBAccountEnquiry/transactionHistory
- s... - 17:01 Task #12943 (Pending UAT Deployment): [SCP ID :##6249##] : Mobile Pentest Remediation M1 Insecure...
- Hi Fadhly, please update APK with the following requirment.
-no changes
IBAccountEnquiry/transactionHistory
- ... - 15:30 Support #12933 (Development / Work In Progress): [SCP ID :##6249##] : Mobile Pentest Remediation
- +H1 Unencrypted Communications (Target SIT 25/4/2022)+
Channel: None
Issue: Mobile apk is using unsecured connectio... - 14:11 Support #12759: [SCP ID :##6113##] : IBAM Report Enhancement
- Tested & passed
- 13:05 Support #12936 (System Integration Test): [SCP ID :##6250##] : Web Application Pentest Remediation
- Tested and passed
- 12:46 Support #12759 (Internal Testing): [SCP ID :##6113##] : IBAM Report Enhancement
- 12:31 Change #12942 (Work Completed-End life cycle): [SCP ID :##6254##] : Delete button for New Applica...
- Hi,
Kindly attend below request:-
To have a ‘Delete’ action button for New Application navigation.
- 10:22 Support #12938: [SCP ID :##6252##] : COnverted EPFG file unable to upload to Portal
- New version 1.2.2
- 10:22 Support #12938 (System Integration Test): [SCP ID :##6252##] : COnverted EPFG file unable to up...
- Tested and passed.
April 21, 2022
- 17:14 Support #12938 (Work Completed-End life cycle): [SCP ID :##6252##] : COnverted EPFG file unable...
- Hi,
Kindly attend below request:
COnverted EPFG file unable to upload to Portal - 16:57 Support #12936 (Internal Testing): [SCP ID :##6250##] : Web Application Pentest Remediation
- 16:57 Support #12936: [SCP ID :##6250##] : Web Application Pentest Remediation
- +H1 Unencrypted Communications+
Finding: LGMS test using app URL instead of web URL http://10.10.95.121:8080/bsn-cdb... - 16:18 Support #12936 (Development / Work In Progress): [SCP ID :##6250##] : Web Application Pentest Rem...
- 16:08 Support #12937 (Work Completed-End life cycle): [SCP ID :##6251##] : Stop Payment / Reversal Mak...
- Hi,
Kindly attend below request:-
System shows error upon authorizing the stop payment/ reverse payment
- 16:04 Support #12936 (Work Completed-End life cycle): [SCP ID :##6250##] : Web Application Pentest Reme...
- Hi,
Kindly attend below request:-
Web Application Pentest Remediation - 12:24 Support #12933 (Development / Work In Progress): [SCP ID :##6249##] : Mobile Pentest Remediation
- Hi,
Kindly attend below request:-
Mobile Pentest Remediation
April 20, 2022
- 12:54 Bug #12880 (Work Completed-End life cycle): Huawei - Own Account Transfer (Single User)
- Tested and passed.
Also available in: Atom