Table of Contents
  • Introduction
  • Summary of Findings
  • Network Assessment
  • Information Gathering
  • Port Scanning
  • ICMP Packet Filtering
  • SSL Security Analysis
  • HTTPS Not Enforced
  • SSL Protocol/Cipher Suite Evaluation
  • Web Application Security
  • Content Analysis
  • Malicious Input/SQL Injection
  • Information Leakage
  • Cross-Site Scripting
  • Web Server Assessment
  • Apache Tomcat Directory Traversal
  • Apache Tomcat Directory Listing (CVE-2006-3835)
  • Apache Tomcat Buffer Overflow (CVE-2007-0774)
  • Web Server Configuration