| # | Vulnerability | Severity |
|---|---------------|----------|
| 1 | Cross Site Scripting | HIGH |
| 2 | File Upload Vulnerability | HIGH |
| 3 | Directory Listing Vulnerability | HIGH |
| 4 | Unencrypted Login Pages | HIGH |
| 5 | Session Hijacking | HIGH |
| 6 | Cross Site Request Forgery (CSRF) | HIGH |
| 7 | Weak Captcha Implementation | MEDIUM |
| 8 | Cross Frame Scripting (css) | MEDIUM |
| 9 | Internal Error Handling | MEDIUM |
| 10 | Cookies are not marked as HttpOnly | LOW |
Recommendations
• Unpredictable random tokens should be required on all critical (state-changing) operations.
• Ensure good and secure session management practices are followed.
• Configure the application to disable any kind of browsable directories.
• Coding flaws and configuration flaws should be remediated immediately.
• Special characters in user input should be filtered by the web application to prevent SQL injection and cross site scripting.
• Username and password forms should be encrypted in transit: HTTPS should be used for all login pages.
• Make sure the web server and application server are configured in a secure way.
• Ensure that none of the error messages or response pages disclose any kind of information about the underlying systems.
• Secure coding methodologies should be followed to eliminate discrepancies and prevent disclosure of information.
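The following is an added example, not code from the assessed application or from this report, showing how four of the recommendations above (anti-CSRF tokens on critical operations, HttpOnly/Secure session cookies, output encoding against cross site scripting, and error messages that disclose nothing about the underlying system) look in working code. It uses only the Python standard library; the endpoint `handle_transfer`, the cookie name `SESSIONID`, and the injected `transfer_fn` callable are hypothetical names chosen for the illustration.

```python
"""Added example (not part of the report): minimal defensive building blocks
for a web application, using only the Python standard library."""
import hmac
import html
import logging
import secrets
import uuid
from http.cookies import SimpleCookie
from typing import Callable, Optional, Tuple

log = logging.getLogger("app")


def issue_csrf_token() -> str:
    """Unpredictable per-session anti-CSRF token (store it server-side in the session)."""
    return secrets.token_urlsafe(32)


def verify_csrf_token(session_token: Optional[str], submitted: Optional[str]) -> bool:
    """Constant-time comparison; a missing or empty token on either side always fails."""
    if not session_token or not submitted:
        return False
    return hmac.compare_digest(session_token, submitted)


def session_cookie_header(session_id: str, max_age: int = 1800) -> str:
    """Build a Set-Cookie value for the session cookie with the protective attributes set."""
    cookie = SimpleCookie()
    cookie["SESSIONID"] = session_id          # hypothetical cookie name
    morsel = cookie["SESSIONID"]
    morsel["httponly"] = True                 # not readable via document.cookie (XSS theft)
    morsel["secure"] = True                   # only sent over HTTPS
    morsel["samesite"] = "Strict"             # not attached to cross-site requests (CSRF)
    morsel["path"] = "/"
    morsel["max-age"] = max_age               # bounded lifetime limits hijacked-session value
    return cookie.output(header="").strip()


def render_safe(user_text: str) -> str:
    """Encode user-controlled text before placing it in an HTML response."""
    return html.escape(user_text, quote=True)


def public_error_message(exc: Exception) -> str:
    """Generic message for the client; full detail stays in server-side logs only."""
    ref = uuid.uuid4().hex[:12]
    log.error("error ref=%s detail=%r", ref, exc)
    return f"An internal error occurred. Reference: {ref}"


def handle_transfer(session: dict, form: dict,
                    transfer_fn: Callable[[int], None]) -> Tuple[int, str]:
    """Hypothetical state-changing endpoint combining the checks above.

    Returns (HTTP status, response body)."""
    # 1. Critical operation: require a valid anti-CSRF token.
    if not verify_csrf_token(session.get("csrf"), form.get("csrf")):
        return 403, "Forbidden"
    # 2. Validate input; reject bad input without echoing it back.
    try:
        amount = int(form.get("amount", ""))
    except ValueError:
        return 400, "Invalid amount"
    # 3. Unexpected failures never leak stack traces or system details.
    try:
        transfer_fn(amount)
    except Exception as exc:  # noqa: BLE001 - deliberate catch-all at the boundary
        return 500, public_error_message(exc)
    # 4. Anything user-supplied is encoded before it reaches the page.
    memo = render_safe(form.get("memo", ""))
    return 200, f"Transferred {amount} (memo: {memo})"
```

In a real application the token from `issue_csrf_token` is stored in the server-side session and embedded in each form as a hidden field; `verify_csrf_token` compares the submitted copy against the stored one with `hmac.compare_digest` so that comparison time does not depend on where the two strings first differ.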