Executive Summary
A business network for making contacts and a virtual marketplace, designed for people by people. The network helps users find new contacts, advertise their products and offer their services.
Key challenges and actions for project completion
During the security audit, we checked different classes of vulnerabilities defined by the Web Application Security Consortium.
We checked the following classes of vulnerabilities:
- Authentication, which includes subclasses: Brute Force, Insufficient Authentication, Weak Password Recovery Validation.
- Authorization, which includes subclasses: Credential / Session Prediction, Insufficient Authorization, Insufficient Session Expiration, Session Fixation.
- Client-side Attacks, which include subclasses: Content Spoofing, Cross-Site Scripting (XSS), HTTP Response Splitting, as well as Cross-Site Request Forgery (CSRF).
- Command Execution, which includes subclasses: Format String Attack, CRLF Injection, OS Commanding, SQL Injection, SSI Injection, XPath Injection.
- Information Disclosure, which includes subclasses: Directory Indexing, Web Server / Application Fingerprinting, Information Leakage, Path Traversal, Predictable Resource Location.
- Logical Attacks, which include subclasses: Abuse of Functionality, Denial of Service, Insufficient Anti-automation.


















