Issue | A05 Security Misconfiguration - Swagger API Structure Exposed |
Priority | LOW |
EP Number | |
Resolution | Only exposed on the DEV test environment. |
Issue | A04:2021 – Insecure Design Delete EPA/EPA Manager Request Susceptible to CSRF |
Priority | LOW |
EP Number | |
Resolution |
Issue | A07:2021 – Identification and Authentication Failures Account Enumeration Possible Via Login Page |
Priority | LOW |
EP Number | |
Resolution: | Amend the warning text when entering an incorrect username/password from bold to normal |
Issue | Security Misconfiguration - Missing Sub resource Integrity For External Scripts |
Priority | RAISE FOR REFERENCE |
EP Number | |
Resolution: | Declined - we cannot add an SRI check here to validate the content as Google necessitate implicit trust of their content. |
Issue | A02 - Cryptographic Failures – Weak Ciphers Within TLSv1.2 Supported |
Priority | LOW |
EP Number | |
Resolution: |
Add Comment