ag-admin vulnerabilities
Posted: Thu Apr 05, 2018 2:05 pm
Hi,
I support software built on Servoy.
We have a client who has tested their system by penetration testing using HP Fortify Scan.
As part of the testing they logged in to ag-admin and found two ‘Cross-Site Scripting: Reflected’ issues they class as critical.
I pointed out to them that anyone with bad intentions who had access to ag-admin could do a lot more damage very quickly just by changing settings or deleting stuff.
They accepted this, but apparently their IT department still want a resolution.
My question is, what is Servoy’s stance on this? Is there a strategy for dealing with vulnerabilities that exist beyond the password protection on ag-admin?
Cheers
Graham
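The two findings above are of the reflected cross-site scripting class. As an added illustration that is not part of the original post and not Servoy's or ag-admin's code, the following constructed Python example shows what such a finding looks like in a generic admin page that echoes a query parameter into its HTML, and the usual fix of HTML-entity-encoding the reflected value. The page template, the parameter name `q` and the URLs are assumptions made for the example; nothing here is taken from ag-admin. One point worth keeping in mind when weighing the "only a logged-in user could trigger it" argument: a reflected XSS payload rides on a link, so the typical attacker does not log in at all but gets an already-authenticated administrator to open a crafted URL, after which the injected script runs with that administrator's session.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for an admin page that reflects a search term.
# Not ag-admin's template; it is an assumed example.
PAGE_TEMPLATE = "<h1>Settings</h1><p>Results for: {term}</p>"


def _query_param(url: str, name: str = "q") -> str:
    """Return the first value of a query-string parameter, percent-decoded."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_unsafe(url: str) -> str:
    """Vulnerable variant: the reflected value is inserted verbatim into HTML.

    A crafted link such as
        /settings?q=%3Cscript%3E...%3C/script%3E
    sent to a logged-in administrator makes the browser execute the payload
    in the administrator's session (reflected XSS).
    """
    return PAGE_TEMPLATE.format(term=_query_param(url))


def render_safe(url: str) -> str:
    """Fixed variant: the reflected value is HTML-entity-encoded.

    quote=True also encodes quotes, so the value stays inert if it is ever
    placed inside an attribute rather than element text.
    """
    return PAGE_TEMPLATE.format(term=html.escape(_query_param(url), quote=True))


def reflects_markup(page_html: str, marker: str = "<script>") -> bool:
    """Crude check a scanner might make: does the raw payload survive into the response?"""
    return marker in page_html


if __name__ == "__main__":
    # Constructed attacker link: the payload is percent-encoded as a browser would send it.
    link = "https://admin.example.test/settings?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
    print("unsafe:", render_unsafe(link))
    print("safe:  ", render_safe(link))
    print("payload reflected (unsafe):", reflects_markup(render_unsafe(link)))
    print("payload reflected (safe):  ", reflects_markup(render_safe(link)))
```

The encoding fix is the standard remediation a scanner such as Fortify expects to see for a reflected XSS finding; it does not replace authentication on the admin console but closes the path where a link, rather than a password, is the attacker's entry point.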