No edit summary |
|||
| Line 9: | Line 9: | ||
**example: file uploads, user comments,.etc..etc. | **example: file uploads, user comments,.etc..etc. | ||
*What methods are used to ensure the code base on the servers hasn't change or to detect if the web code has been modified? (This might be a sysadmin function) | *What methods are used to ensure the code base on the servers hasn't change or to detect if the web code has been modified? (This might be a sysadmin function) | ||
*Does this application use data that can be modified by the user in order to include specific files? (LFI/RFI) | |||
*URL to project pages and other related information? | *URL to project pages and other related information? | ||
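Review bot: the added question on new line 9 leaves "LFI/RFI" unexpanded and describes the behaviour only as "include specific files", so a project owner who does not know the acronyms may not understand what is being asked. Suggest spelling it out, for example "Does the application use user-modifiable data to build the path or URL of a file it includes (local/remote file inclusion, LFI/RFI)?". It is also placed after the code-integrity question, which the text itself flags as possibly a sysadmin function; it would sit more naturally next to the user-input items such as the "file uploads, user comments" example two lines up.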
| Line 39: | Line 40: | ||
*Is the web application susceptible to SQL injection and what issues have been addressed to deal with these issues? | *Is the web application susceptible to SQL injection and what issues have been addressed to deal with these issues? | ||
*Is data being encrypted and if so, what methods are being used? | *Is data being encrypted and if so, what methods are being used? | ||
== Information Disclosure and Error Handling == | |||
*How are errors handled within the application such as sql database errors, system errors? | |||
*Are there tracking methods used such as logs or emails to note errors within the application? | |||
== Relationships to other projects == | == Relationships to other projects == | ||
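Review bot: the new heading names information disclosure, but neither added question asks what an end user actually sees when an error occurs; the first only asks how errors are "handled" and the second only asks about tracking. Suggest adding a question along the lines of "Are detailed error messages (database errors, system errors) shown to the user or replaced with a generic message?". Also capitalise "sql" in the first added question to match "SQL injection" two lines above.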