
Pen Test 2022 Results

Issue

A05 Security Misconfiguration – ReadMe File May Identify Site Software

Priority

LOW

EP Number

EP-3246

Resolution

We have raised a request with our hosting partner to remove access to, or delete, the readme file.

Issue

A05 Security Misconfiguration – Missing Recommended Security Header

Priority

LOW

EP Number

EP-3247

Resolution

Awaiting further clarification from Pen Testers.

Issue

A05 Security Misconfiguration - Missing Subresource Integrity (SRI) for External Script

Priority

LOW

EP Number

EP-3248

Resolution

We have updated the external front end dependencies to carry a generated integrity hash, which lets the browser verify that the file contents have not been manipulated in transit.

Issue

A05 Security Misconfiguration - Source Map Disclosure

Priority

LOW

EP Number

EP-3249

Resolution

We have removed the .map files generated by our front end build process.

Issue

A05 Security Misconfiguration - Swagger API Structure Exposed

Priority

LOW

EP Number

EP-3250

Resolution

We have adjusted our api_docs endpoint so that it is only accessible when the application is running in test mode.

Issue

Reopened - Using Components with Known Vulnerabilities - Out-of-Date Components Identified

Priority

MEDIUM

EP Number

EP-3253

Resolution

During the previous pen test we had removed all use of jQuery 2.1.1 from the application; we have now also removed the jQuery 2.1.1 files themselves.

Issue

Reopened - Security Misconfiguration – Potentially Dangerous File Type Upload Allowed

This issue has been partially resolved.

The potentially harmful Python file extensions reported in this issue are no longer accepted by the uploader. However, other potentially dangerous file types, such as PHP, EXE, and ZIP, are still allowed.

Priority

MEDIUM

EP Number

EP-3252

Resolution

Work is scheduled for next sprint.
