The website accepts online payment of taxes and other levies.
It also provides a customer interface for lodging complaints and grievances.
Challenges/Opportunities
Complex server landscape: 3-tier architecture
Unstructured directory structure
Qadit’s Approach
Use of vulnerability assessment tools such as Nessus, Retina and WebScarab.
Assessment was carried out against the OWASP, SANS Top 20 and WASC standards.
Iterative testing procedure, with a gap between iterations for fixing the issues identified in each one.
Key Findings/Recommendations
The website had vulnerabilities that an attacker could exploit to deface web pages and to read or modify sensitive information. User and database credentials (user IDs and passwords) were exposed in HTML comments, where anyone who views the page source can read them.
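Credentials left in HTML comments are served to every visitor, so the check belongs in the release pipeline rather than in an annual assessment. The following is an added example, not Qadit's tooling and not code from the site: it extracts every HTML comment from a page and flags comments that contain credential-like key/value pairs or database connection strings. The sample page, the keyword list and the regular expressions are constructed assumptions for illustration.

```python
"""Flag credential-like material in HTML comments.

Added example (not Qadit's tooling, not the assessed site's code). The sample
page, keyword list and patterns below are constructed for illustration.
"""
import re
from html.parser import HTMLParser

# Keywords that, when followed by ':' or '=' and a value, are treated as a
# probable credential. Assumed list; extend it for the stack under test.
CREDENTIAL_PATTERN = re.compile(
    r"\b(?P<key>pass(?:word|wd|phrase)?|pwd|user(?:id|name)?|uid|"
    r"db_?(?:user|pass|password)|secret|api[_-]?key|token)\b"
    r"\s*[:=]\s*['\"]?(?P<value>[^\s'\";,<>]+)",
    re.IGNORECASE,
)

# Connection strings carry user and password without a key=value label.
CONN_STRING_PATTERN = re.compile(
    r"(?:jdbc:|mysql://|postgres(?:ql)?://|mongodb://|Data Source=)[^\s<>\"']+",
    re.IGNORECASE,
)


class CommentCollector(HTMLParser):
    """Collect every HTML comment together with the line it starts on."""

    def __init__(self):
        super().__init__()
        self.comments = []  # list of (lineno, comment text)

    def handle_comment(self, data):
        # getpos() is updated to the start of the '<!--' before this is called
        lineno, _ = self.getpos()
        self.comments.append((lineno, data))


def find_credential_leaks(html):
    """Return findings as dicts {line, kind, match} for every suspicious comment."""
    collector = CommentCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for lineno, text in collector.comments:
        for m in CREDENTIAL_PATTERN.finditer(text):
            findings.append(
                {"line": lineno, "kind": m.group("key").lower(), "match": m.group(0).strip()}
            )
        for m in CONN_STRING_PATTERN.finditer(text):
            findings.append({"line": lineno, "kind": "connection_string", "match": m.group(0)})
    return findings


# Constructed sample page: one harmless comment, two leaking ones.
SAMPLE_PAGE = """<!DOCTYPE html>
<html>
<head><title>Pay levies online</title></head>
<body>
<!-- layout: 3 tier, do not edit -->
<form action="/pay" method="post">
  <!-- test account: userid=taxadmin password=Summer2009! -->
  <input name="amount">
</form>
<!-- db: jdbc:oracle:thin:levydb/L3vyP@ss@10.0.0.5:1521/ORCL -->
</body>
</html>
"""

if __name__ == "__main__":
    for f in find_credential_leaks(SAMPLE_PAGE):
        print(f"line {f['line']}: {f['kind']}: {f['match']}")
```

Run it over every response a crawler retrieves, including JavaScript and CSS, since comments in those files leak in the same way; matches still need manual triage because a keyword such as `user:` also appears in innocent text. Any credential the check finds has already been disclosed to every visitor, so removing the comment is not enough: the password must be rotated and the account's activity reviewed.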