Project

General

Profile

Security Audit

open

68%

57 issues   (38 closed19 open)

Time tracking
Estimated time 18:00 hours
Spent time 0:00 hour
Issues by
Bug

33/35
Feature

5/22
Related issues
Bug #66: [Security Audit ] 1- Privilege Escalation Actions
Bug #67: [Security Audit ] 2-Insecure Data Storage Actions
Bug #68: [Security Audit ] 3-Broken Access Control Actions
Bug #69: [Security Audit ] 4- User Account Takeover Actions
Bug #70: [Security Audit ] 5 -Failed Defences Against Application Misuse Actions
Bug #71: [Security Audit ] 6- Unrestricted File Upload Actions
Bug #72: [Security Audit ] 7- Framework Obsolete Version in usage Actions
Bug #73: [Security Audit ] 8- Insecure Direct Object Reference (IDOR) Actions
Bug #74: [Security Audit ] 9- Improper Input Validation Actions
Bug #75: [Security Audit ]10 -Sensitive Information Disclosure Actions
Bug #76: [Security Audit ] 11- OTP Flooding Actions
Bug #77: [Security Audit ] 12- OTP Bypass Actions
Bug #78: [Security Audit ] 13 -Aadhaar is Not Encrypted in Transit Actions
Bug #79: [Security Audit ] 14 -Improper Session Management / Session Expiration too longer Actions
Bug #80: [Security Audit ] 15- Insufficient Aadhaar Verification Actions
Bug #81: [Security Audit ] 16- Weak Password Policy Actions
Bug #82: [Security Audit ]17 - OTP Bruteforce Actions
Bug #83: [Security Audit ]18- Application Logic Bypass Actions
Bug #84: [Security Audit ]19- Client side bypass / Improper server side validation Actions
Bug #85: [Security Audit ] 20- Cross Origin Resource Sharing (CORS) Misconfiguration Actions
Bug #86: [Security Audit ] 21 -Insufficient Anti-Automation Actions
Bug #87: [Security Audit ] 22 -Security headers are not Implemented Actions
Bug #88: [Security Audit ] 23- Email addresses disclosed Actions
Bug #89: [Security Audit ] 24- Improper Error Handling Actions
Bug #90: [Security Audit ] 25- Logout Functionality Not Implemented Actions
Bug #91: [Security Audit ] 26 -Cross-Site Request Forgery (CSRF) Actions
Bug #92: [Security Audit ] 27 -Sensitive Data Passed Through URL Parameters Actions
Bug #93: [Security Audit ] 28- Technology/Version Disclosure Actions
Bug #94: [Security Audit ] 29 -Clickjacking Attack Actions
Bug #95: [Security Audit ] 30- Port misconfiguration Actions
Bug #96: [Security Audit ] 31 -Username and Password field with auto-complete Actions
Bug #207: Autorization Roles - Start using spring security authorization in repo and services classes Actions
Bug #384: Build Issues on the User, Code Domain ,Patient Managementand EMR modules Actions
Bug #385: Build Issues on the Health ID, Lab, and OP Billing Actions
Bug #386: EAarogya Security Audit Deployment Actions
Feature #65: Security Audit Actions
Feature #235: [Security Audit Round 2 ] Actions
Feature #241: [Security Audit Round 2 ] Password Returned in Response Actions
Feature #245: [Security Audit Round 2 ] Insecure Data Storage (Reopened) Actions
Feature #250: [Security Audit Round 2 ] Sensitive Information Disclosure (Repeated) Actions
Feature #254: [Security Audit Round 2 ] OTP Bypass (Repeated) Actions
Feature #256: [Security Audit Round 2 ] Improper Session Management / Session Expiration too longer (Repeated) Actions
Feature #258: [Security Audit Round 2 ] Weak Password Policy (Repeated) Actions
Feature #260: [Security Audit Round 2 ] OTP Bruteforce (Reapeated) Actions
Feature #261: [Security Audit Round 2 ] Application Logic Bypass (Reapeated) Actions
Feature #263: [Security Audit Round 2 ] Client side bypass / Improper server side validation Actions
Feature #265: [Security Audit Round 2 ] Host Header Injection Actions
Feature #267: [Security Audit Round 2 ] Default pages disclosed Actions
Feature #268: [Security Audit Round 2 ] Cross Origin Resource Sharing (CORS) Misconfiguration Actions
Feature #269: [Security Audit Round 2 ] Security headers are not Implemented (Repeted) Actions
Feature #272: [Security Audit Round 2 ] Improper Error Handling Actions
Feature #275: [Security Audit Round 2 ] Cross-Site Request Forgery (CSRF) (Repeated) Actions
Feature #278: [Security Audit Round 2 ] Sensitive Data Passed Through URL Parameters (Repeated) Actions
Feature #282: [Security Audit Round 2 ] Technology/Version Disclosure Actions
Feature #284: [Security Audit Round 2 ] Clickjacking Attack (Repeated) Actions
Feature #286: [Security Audit Round 2 ] Port misconfiguration (Repeated) Actions
Feature #347: [Security Audit Round 2 ] Stopping future dates in entire application Actions