Scribd Logo
Unggah

Selamat datang di Scribd!

  • CRM Vtiger 10.36.43.2

    Diunggah oleh

    Duong Kai
    64 tayangan4 halaman
    ko

    Judul Asli

    CRM_vTiger_10.36.43.2

    Hak Cipta

    © © All Rights Reserved

    Format Tersedia

    XLSX, PDF, TXT atau baca online dari Scribd

    Apakah menurut Anda dokumen ini bermanfaat?

    Apakah konten ini tidak pantas?

    Laporkan Dokumen Ini
    ko

    Hak Cipta:

    © All Rights Reserved
    Unduh sebagai XLSX, PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    64 tayangan4 halaman

    CRM Vtiger 10.36.43.2

    Diunggah oleh

    Duong Kai
    ko

    Hak Cipta:

    © All Rights Reserved
    Unduh sebagai XLSX, PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    dari 4

    URL: https://10.36.43.

    2/vtigercrm
    Date: 3-Apr-14
    Ref. No. Category Test Name Status Comment
    4.2 Information Gathering
    4.2.1 OTG-INFO-001
    Conduct Search Engine Discovery and
    Reconnaissance for Information Leakage
    Pass
    4.2.2 OTG-INFO-002 Fingerprint Web Server Pass
    4.2.3 OTG-INFO-003
    Review Webserver Metafiles for Information
    Leakage
    Pass
    4.2.4 OTG-INFO-004 Enumerate Applications on Webserver Pass
    4.2.5 OTG-INFO-005
    Review Webpage Comments and Metadata for
    Information Leakage
    Pass
    4.2.6 OTG-INFO-006 Identify application entry points Pass
    4.2.7 OTG-INFO-008 Map execution paths through application Pass
    4.2.8 OTG-INFO-009 Fingerprint Web Application Framework Pass
    4.2.9 OTG-INFO-010 Fingerprint Web Application Pass
    4.2.10 OTG-INFO-011 Map Network and Application Architecture Pass
    4.3 Configuration and Deploy Management Testing
    4.3.1 OTG-CONFIG-001 Test Network/Infrastructure Configuration Pass
    4.3.2 OTG-CONFIG-002 Test Application Platform Configuration Pass
    4.3.3 OTG-CONFIG-003
    Test File Extensions Handling for Sensitive
    Information
    Pass
    4.3.4 OTG-CONFIG-004
    Backup and Unreferenced Files for Sensitive
    Information
    Pass
    4.3.5 OTG-CONFIG-005
    Enumerate Infrastructure and Application Admin
    Interfaces
    Pass
    4.3.6 OTG-CONFIG-006 Test HTTP Methods Pass
    4.3.7 OTG-CONFIG-009 Test HTTP Strict Transport Security Pass
    4.3.8 OTG-CONFIG-011 Test RIA cross domain policy Pass
    4.4 Identity Management Testing Pass
    4.4.1 OTG-IDENT-001 Test Role Definitions Pass
    4.4.2 OTG-IDENT-002 Test User Registration Process Pass
    4.4.3 OTG-IDENT-003 Test Account Provisioning Process Pass
    4.4.4 OTG-IDENT-004
    Testing for Account Enumeration and Guessable
    User Account
    Pass
    4.4.5 OTG-IDENT-005 Testing for Weak or unenforced username policy Pass
    4.4.6 OTG-IDENT-006 Test Permissions of Guest/Training Accounts Pass
    4.4.7 OTG-IDENT-007 Test Account Suspension/Resumption Process Pass
    4.5 Authentication Testing
    4.5.1 OTG-AUTHN-001
    Testing for Credentials Transported over an
    Encrypted Channel
    Pass
    4.5.2 OTG-AUTHN-002 Testing for default credentials Pass
    4.5.3 OTG-AUTHN-003 Testing for Weak lock out mechanism Pass
    BO CO KIM TH BO MT
    4.5.4 OTG-AUTHN-004 Testing for bypassing authentication schema Pass
    4.5.5 OTG-AUTHN-005 Test remember password functionality Pass
    4.5.6 OTG-AUTHN-006 Testing for Browser cache weakness Pass
    4.5.7 OTG-AUTHN-007 Testing for Weak password policy Pass
    4.5.8 OTG-AUTHN-008 Testing for Weak security question/answer Pass
    4.5.9 OTG-AUTHN-009
    Testing for weak password change or reset
    functionalities
    Pass
    4.5.10 OTG-AUTHN-010
    Testing for Weaker authentication in alternative
    channel
    Pass
    4.6 Authorization Testing Pass
    4.6.1 OTG-AUTHZ-002 Testing Directory traversal/file include Pass
    4.6.2 OTG-AUTHZ-003 Testing for bypassing authorization schema Pass
    4.6.3 OTG-AUTHZ-004 Testing for Privilege Escalation Pass
    4.6.4 OTG-AUTHZ-005 Testing for Insecure Direct Object References Pass
    4.7 Session Management Testing
    4.7.1 OTG-SESS-001
    Testing for Bypassing Session Management
    Schema
    Pass
    4.7.2 OTG-SESS-002 Testing for Cookies attributes Pass
    4.7.3 OTG-SESS-003 Testing for Session Fixation Pass
    4.7.4 OTG-SESS-004 Testing for Exposed Session Variables Pass
    4.7.5 OTG-SESS-005 Testing for Cross Site Request Forgery Pass
    4.7.6 OTG-SESS-007 Testing for logout functionality Pass
    4.7.7 OTG-SESS-008 Test Session Timeout Pass
    4.7.8 OTG-SESS-010 Testing for Session puzzling Pass
    4.8 Data Validation Testing
    4.8.1 OTG-INPVAL-001 Testing for Reflected Cross Site Scripting Pass
    4.8.2 OTG-INPVAL-002 Testing for Stored Cross Site Scripting Pass
    4.8.3 OTG-INPVAL-003 Testing for HTTP Verb Tampering Pass
    4.8.4 OTG-INPVAL-004 Testing for HTTP Parameter pollution Pass
    4.8.5 OTG-INPVAL-006 Testing for SQL Injection Pass
    4.8.5.1 Oracle Testing Pass
    4.8.5.2 MySQL Testing Pass
    4.8.5.3 SQL Server Testing Pass
    4.8.5.4 Testing PostgreSQL Pass
    4.8.5.5 MS Access Testing Pass
    4.8.5.6 Testing for NoSQL injection Pass
    4.8.6 OTG-INPVAL-007 Testing for LDAP Injection Pass
    4.8.7 OTG-INPVAL-008 Testing for ORM Injection Pass
    4.8.8 OTG-INPVAL-009 Testing for XML Injection Pass
    4.8.9 OTG-INPVAL-010 Testing for SSI Injection Pass
    4.8.10 OTG-INPVAL-011 Testing for XPath Injection Pass
    4.8.11 OTG-INPVAL-012 IMAP/SMTP Injection Pass
    4.8.12 OTG-INPVAL-013 Testing for Code Injection Pass
    4.8.12.1 Testing for Local File Inclusion Pass
    4.8.12.2 Testing for Remote File Inclusion Pass
    4.8.13 OTG-INPVAL-014 Testing for Command Injection Pass
    4.8.14 OTG-INPVAL-015 Testing for Buffer overflow Pass
    4.8.14.1 Testing for Heap overflow Pass
    4.8.14.2 Testing for Stack overflow Pass
    4.8.14.3 Testing for Format string Pass
    4.8.15 OTG-INPVAL-016 Testing for incubated vulnerabilities Pass
    4.8.16 OTG-INPVAL-017 Testing for HTTP Splitting/Smuggling Pass
    4.9 Error Handling
    4.9.1 OTG-ERR-001 Analysis of Error Codes Pass
    4.9.2 OTG-ERR-002 Analysis of Stack Traces Pass
    4.1 Cryptography
    4.10.1 OTG-CRYPST-001
    Testing for Weak SSL/TSL Ciphers, Insufficient
    Transport Layer Protection
    Pass
    4.10.2 OTG-CRYPST-003 Testing for Padding Oracle Pass
    4.10.3 OTG-CRYPST-007
    Testing for Sensitive information sent via
    unencrypted channels
    Pass
    4.11 Logging
    4.11.1 OTG-LOG-001 Test time synchronisation Pass
    4.11.2 OTG-LOG-002 Test user-viewable log of authentication events Pass
    4.12 OWASP-BL-001 Business Logic Testing
    4.12.1 OTG-BUSLOGIC-001 Test Business Logic Data Validation Pass
    4.12.2 OTG-BUSLOGIC-002 Test Ability to Forge Requests Pass
    4.12.3 OTG-BUSLOGIC-003 Test Integrity Checks Pass
    4.12.4 OTG-BUSLOGIC-004 Test for Process Timing Pass
    4.12.5 OTG-BUSLOGIC-005
    Test Number of Times a Function Can be Used
    Limits
    Pass
    4.12.6 OTG-BUSLOGIC-006 Testing for the Circumvention of Work Flows Pass
    4.12.7 OTG-BUSLOGIC-007 Test Defenses Against Application Mis-use Pass
    4.12.8 OTG-BUSLOGIC-008 Test Upload of Unexpected File Types Pass
    4.12.9 OTG-BUSLOGIC-009 Test Upload of Malicious Files Pass
    4.15 Client Side Testing
    4.15.1 OTG-CLIENT-001 Testing for DOM based Cross Site Scripting Pass
    4.15.2 OWASP-CS-002 Testing for JavaScript Execution Pass
    4.15.3 OWASP-CS-003 Testing for HTML Injection Pass
    4.15.4 OWASP-CS-004 Testing for Client Side URL Redirect Pass
    4.15.5 OWASP-CS-005 Testing for CSS Injection Pass
    4.15.6 OWASP-CS-006 Testing for Client Side Resource Manipulation Pass
    4.15.7 OTG-CLIENT-007 Test Cross Origin Resource Sharing Pass
    4.15.8 OTG-CLIENT-008 Testing for Cross Site Flashing Pass
    4.15.9 OTG-CLIENT-009 Testing for Clickjacking Pass
    4.15.10 OTG-CLIENT-010 Testing WebSockets Pass
    4.15.11 OTG-CLIENT-011 Test Web Messaging Pass
    4.15.12 OTG-CLIENT-012 Test Local Storage Pass
    Ngi thc hin Kim sot
    Trng Thanh Nam

    Anda mungkin juga menyukai