Slide 5
2002
• Disable the remote administration capabilities of the website. Priority – High.
• Validate all uploaded files for cross-site scripting, and command or SQL injection attacks if
they are to be displayed or processed. Priority – High.
• Scan all uploaded files for viruses, worms and trojans. Priority – High.
• Ensure permissions are set so that the least possible access is granted when processing
those files (saving, opening), so that only specific permissions are set for specific agents,
actions and directories. Priority – High.
• Validate that XML documents contain the information and the format expected before
processing. Priority – High.
• Revise the security scheme for the Extranet so users are not allowed to bypass login.
• Ensure the server has been patched with the latest patches to fix known buffer overflow and
cross-site scripting vulnerabilities (see MS02-018, April 10, 2002). Priority – High.
• Completely validate and filter/escape/block all special characters from this email
functionality in all fields to prevent cross-site scripting, buffer overflow and command
injection attacks. Priority – High.
• Do not embed sensitive info on static pages or on dynamically generated pages that the
user is not intended to have. Priority – High*.
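The upload, XML-validation and least-privilege recommendations above, turned into one handler as an added example (not code from the report or the slide deck). The extension allowlist, size cap and expected XML layout (`order` with `id` and `item`) are constructed assumptions.

```python
import os
import re
from xml.etree import ElementTree as ET

# Constructed policy for this example (not taken from the original report).
ALLOWED_EXTENSIONS = {"txt", "pdf", "png", "xml"}
MAX_UPLOAD_BYTES = 2 * 1024 * 1024
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


class UploadRejected(ValueError):
    """Raised when an upload fails validation; log it and refuse the file."""


def validate_xml(data: bytes, expected_root: str, required_children: tuple) -> ET.Element:
    """Check that an XML document has the root and child elements we expect."""
    # For untrusted XML in production, the defusedxml package adds protection
    # against entity-expansion attacks that the stdlib parser does not enforce.
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        raise UploadRejected(f"malformed XML: {exc}") from exc
    if root.tag != expected_root:
        raise UploadRejected(f"unexpected root element: {root.tag!r}")
    missing = [c for c in required_children if root.find(c) is None]
    if missing:
        raise UploadRejected(f"missing elements: {missing}")
    return root


def check_upload(filename: str, data: bytes) -> str:
    """Validate an upload before it is saved, displayed or processed; return the safe name."""
    # Reject (rather than silently strip) path separators and odd characters.
    if "/" in filename or "\\" in filename or not SAFE_NAME.match(filename):
        raise UploadRejected(f"unsafe filename: {filename!r}")
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    if len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("upload exceeds size limit")
    if ext == "xml":
        validate_xml(data, "order", ("id", "item"))
    return filename


def is_accepted(filename: str, data: bytes) -> bool:
    """Convenience wrapper: True when check_upload() accepts the file."""
    try:
        check_upload(filename, data)
        return True
    except UploadRejected:
        return False


def store_upload(name: str, data: bytes, dest_dir: str) -> str:
    """Write a validated file with owner-only permissions and never overwrite."""
    path = os.path.join(dest_dir, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path
```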
Excerpt from a penetration test report… 13 years ago
What's wrong?