Moving into this new chapter of our organization is a very exciting time. With excitement come new risks that need to be researched carefully for our company to be successful. In this report I will give you the information you need to make informed decisions on how to take the next steps, which will make for a successful transition to the new world of on-line shopping.

What vulnerabilities were found?
Outdated software
Configuration files shown to guest users
Unsanitized data shown in URL strings (GET/POST methods)
Setup files/folders found in web documents
DDoS using low-level HTTP attack methods to fill ports

What risk do they create?
Security risks/vulnerabilities/exploits are released to public
Able to identify services to attack
Injection
Recreation or modifying current configurations
Deny service to normal users, black hole the IP
Listing of all files even hidden ones

How could they be remediated?
Upgrade and update regularly
Move the files outside of htdocs, or limit access with file permissions
Fix source code
Do not list folders in the robots.txt file, and do not link to the folders (see 3.6)
Firewall off ICMP and other protocols not used for web traffic
Change the web service configuration, or create an index.html or default "dummy" file

What practices should be used to prevent similar vulnerabilities?
Keep software up to date and use coding methods that prevent attacks. Test the server for vulnerabilities weekly. Configure the web services using best practices.

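As an added example (not part of the original report), a small Python check that covers several of the findings above when run against a web document root: configuration files and hidden files exposed to guests, setup folders, directories that would be listed in full because they have no index file, and robots.txt Disallow entries that advertise a real folder. The file-name lists and the constructed sample tree are assumptions for this example.

```python
import os
import tempfile

# Names a guest should never be able to fetch from the document root
# (assumed lists for this example; extend them for your own server).
CONFIG_SUFFIXES = (".conf", ".ini", ".env", ".yml", ".yaml", ".bak")
SETUP_DIR_NAMES = {"setup", "install", "installer"}
INDEX_FILES = {"index.html", "index.htm", "index.php"}

def audit_docroot(docroot):
    """Return sorted (category, relative_path) findings for a document root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        rel_dir = os.path.relpath(dirpath, docroot)
        rel_dir = "" if rel_dir == "." else rel_dir
        # A directory with no index file is listed in full if indexing is on.
        if not INDEX_FILES & set(filenames):
            findings.append(("no-index", rel_dir or "/"))
        for d in dirnames:
            if d.lower() in SETUP_DIR_NAMES:
                findings.append(("setup-dir", os.path.join(rel_dir, d)))
        for f in filenames:
            rel = os.path.join(rel_dir, f)
            if f.startswith("."):
                findings.append(("hidden-file", rel))
            if f.lower().endswith(CONFIG_SUFFIXES):
                findings.append(("config-file", rel))
    # robots.txt Disallow lines that name a real directory advertise it.
    robots = os.path.join(docroot, "robots.txt")
    if os.path.isfile(robots):
        with open(robots) as fh:
            for line in fh:
                key, _, value = line.partition(":")
                target = value.strip().strip("/")
                if key.strip().lower() == "disallow" and target:
                    if os.path.isdir(os.path.join(docroot, target)):
                        findings.append(("robots-disclosure", target))
    return sorted(findings)

def build_sample_docroot():
    """Constructed document root reproducing the problems in the report."""
    root = tempfile.mkdtemp()
    files = {"index.html": "<html></html>", "config.ini": "db_pass=placeholder",
             ".htpasswd": "placeholder", "robots.txt": "User-agent: *\nDisallow: /setup/\n",
             "images/logo.png": "", "setup/install.php": "<?php ?>"}
    for name, body in files.items():
        path = os.path.join(root, *name.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root
```

Run `audit_docroot("/path/to/htdocs")` against the real document root; every finding maps to one of the remediations listed above.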
What protective measure could be used if applications or servers could not be fixed?
Firewall/hardware
Proxy services