WAPT of CBS Application
Scope
- Development framework: and Oracle ASP.NET
- Web Server : Microsoft IIS version 10
- Conduct penetration tests and provide suitable countermeasure
- Penetration tests should cover Black Box and White Box testin
- Testing to e carrie out in staging environment
Standards Followed
- OWASP
- SANS
Vulnerabilities Identified
- Database connection string disclosed
- Brute-force on login field
- Reports folder is accessible through directory traversal
- Missing Session Management
- Missing X-Frame-Options Header
Key Achievements
- Identified critical vulnerabilities that could compromise Bank customer data, allow account takeover by the hacker
- Vulnerabilities related to third-party libraries highlighted