| # | Finding | Severity |
|---|---------|----------|
| 1 | Cross Site Scripting | HIGH |
| 2 | File Upload Vulnerability | HIGH |
| 3 | Directory Listing Vulnerability | HIGH |
| 4 | Unencrypted Login Pages | HIGH |
| 5 | Session Hijacking | HIGH |
| 6 | Cross Site Request Forgery (CSRF) | HIGH |
| 7 | Weak Captcha Implementation | MEDIUM |
| 8 | Cross Frame Scripting (CSS) | MEDIUM |
| 9 | Internal Error Handling | MEDIUM |
| 10 | Cookies are not marked as HTTPOnly | LOW |
• Random, unpredictable tokens should be required on all critical (state-changing) operations.
• Ensure good and secure session management practices are followed.
• Configure the application and web server to disable any kind of browsable directory listing.
• Coding flaws and configuration flaws should be remediated immediately.
• Special characters in user input should be validated and filtered by the web application to prevent SQL injection and cross-site scripting.
• Username and password forms should be submitted only over encrypted connections; HTTPS should be used for the login pages.
• Make sure the web server and application server are configured in a secure way.
• Ensure that none of the error messages or response pages disclose any kind of information about the underlying systems.
• Secure coding methodologies should be followed to eliminate coding flaws and prevent disclosure of information.
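The following is an added illustration of how several of the recommendations above look in code; it is not part of the report and not code from the assessed application. It uses only the Python standard library and assumes a framework-agnostic handler that receives a server-side session dictionary and a submitted form dictionary (both hypothetical); the cookie name `sessionid`, the request-id format and the in-memory `SERVER_LOG` list are constructed for the example. It covers per-session random anti-forgery tokens checked with a constant-time comparison (recommendation 1, finding 6), session cookies flagged `HttpOnly`, `Secure` and `SameSite` (finding 10, recommendation on session management), and error responses that log detail server-side but return nothing about the underlying system to the client (finding 9, the error-message recommendation).

```python
import hmac
import secrets
from http.cookies import SimpleCookie
from typing import Dict, List, Optional, Tuple

SESSION_COOKIE = "sessionid"        # assumed cookie name (not from the report)
SERVER_LOG: List[str] = []          # constructed stand-in for a real server-side log


def new_session_cookie(session_id: str) -> str:
    """Build a Set-Cookie header value for the session cookie.

    HttpOnly keeps script on the page from reading the cookie, Secure keeps it
    off plaintext HTTP, and SameSite=Strict stops the browser attaching it to
    cross-site requests (a second layer against CSRF).
    """
    cookie = SimpleCookie()
    cookie[SESSION_COOKIE] = session_id
    cookie[SESSION_COOKIE]["httponly"] = True
    cookie[SESSION_COOKIE]["secure"] = True
    cookie[SESSION_COOKIE]["samesite"] = "Strict"
    cookie[SESSION_COOKIE]["path"] = "/"
    return cookie[SESSION_COOKIE].OutputString()


def issue_csrf_token(session: Dict[str, str]) -> str:
    """Generate a fresh random token, store it in the server-side session and
    return it so the page can embed it in the form as a hidden field."""
    token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
    session["csrf_token"] = token
    return token


def verify_csrf_token(session: Dict[str, str], submitted: Optional[str]) -> bool:
    """Accept the request only if the submitted token matches the one bound to
    this session. compare_digest avoids leaking the match position via timing."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def handle_critical_operation(session: Dict[str, str],
                              form: Dict[str, str]) -> Tuple[int, str]:
    """Hypothetical state-changing endpoint guarded by the token check.
    Returns (HTTP status, response body)."""
    if not verify_csrf_token(session, form.get("csrf_token")):
        return 403, "Request rejected: missing or invalid anti-forgery token."
    # ... perform the operation here ...
    return 200, "Operation accepted."


def leaky_error_response(exc: Exception) -> Tuple[int, str]:
    """The pattern the report flags: the raw exception text (driver errors,
    paths, stack details) goes straight back to the client."""
    return 500, "Internal error: %s" % exc


def safe_error_response(exc: Exception, request_id: str) -> Tuple[int, str]:
    """Log the full detail where operators can see it, and give the client only
    a generic message plus a correlation id they can quote to support."""
    SERVER_LOG.append("%s %s: %s" % (request_id, type(exc).__name__, exc))
    return 500, "An internal error occurred. Reference: %s" % request_id


if __name__ == "__main__":
    session: Dict[str, str] = {}
    token = issue_csrf_token(session)
    print(new_session_cookie("s3ss10n-example"))
    print(handle_critical_operation(session, {"csrf_token": token}))
    print(handle_critical_operation(session, {}))            # forged or stale request
    err = RuntimeError("ORA-00942: table or view does not exist")   # constructed
    print(leaky_error_response(err))
    print(safe_error_response(err, "req-0001"))
```

The token is tied to the server-side session rather than to a global secret, so a token captured from one user's page is useless for another session, and a missing token fails closed with a 403 before any work is done.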