Web App Prototype Audit
Audit Timeline
| Draft Date | Last Review Date | Final Audit Date | Public Date |
|---|---|---|---|
| 6/21/23 | 6/23/23 | 6/23/23 | 6/26/23 |
Sample report 2
NightTrack, which is accessible on the internet, is used by the various players in the validation chain, such as agents, their managers and HR.
All Scores
| Category | Score |
|---|---|
| Test | /10 |
| Code | /10 |
| Documentation | 8/10 |
Findings Status
Findings Breakdown
| Finding Name | RES-ID | Remediation Priority | Remediation Status | Finding Type | Severity | Last Updated |
|---|---|---|---|---|---|---|
| A user can forge a valid authentication token for another user | RES-VeloSoft-WEB01-01 | Standard Fix | Resolved | Access Control | Critical | 7/31/2023 |
| SQL Injection Vulnerability in NightTrack | RES-VeloSoft-WEB01-02 | Quick Win | Resolved | Data Validation | Critical | 7/31/2023 |
| A user can delete weeks of other users | RES-VeloSoft-WEB01-03 | Heavy Project | Resolved | Access Control | High | 7/31/2023 |
| Illegitimate Access To Technical Pages in NightTrack Application | RES-VeloSoft-WEB01-04 | Standard Fix | Acknowledged | Access Control | High | 7/31/2023 |
| Persistent Cross-Site Scripting (XSS) in NightTrack Application | RES-VeloSoft-WEB01-05 | Quick Win | Resolved | Data Validation | High | 7/31/2023 |
| NightTrack is accessible using the HTTP protocol | RES-VeloSoft-WEB01-06 | Standard Fix | Acknowledged | Encryption | High | 7/31/2023 |
| Predictable sensitive requests in NightTrack application | RES-VeloSoft-WEB01-07 | Standard Fix | Unresolved | Access Control | Medium | 7/25/2023 |
| The NightTrack server exposes the FTP service | RES-VeloSoft-WEB01-09 | Standard Fix | Unresolved | Network Exposure | Medium | 7/25/2023 |
| HTTP headers of NightTrack leak technical information | RES-VeloSoft-WEB01-10 | Standard Fix | Unresolved | Disclosure | Low | 7/25/2023 |
| Some components used are obsolete | RES-VeloSoft-WEB01-11 | Quick Win | Unresolved | Disclosure | Low | 7/25/2023 |