Fortify Scan Results Fix

[carlan1]

In December 2023, we conducted a fortify CASA scan. There are some potential vulnerabilities flagged by the scan. This scan was conducted on the feature/oauth branch of the LAMP-dashboard repository. We need these vulnerabilities corrected (please make corrections directly to this branch). They are described in the attached excel file.

Fortify_Scan_Results_Assessment_1834_12-5-2023 (1).xlsx

[michaelmenon]

Thanks @carlan1 we will work on it on priority.

[sarithapillai8]

@carlan1 Please the comments added and confirm. Fortify_Scan_Results_Assessment_1834_12-5-2023.1.xlsx

[carlan1]

Do any of the proposed solutions involve API changes?

[sarithapillai8]

Yes @carlan1 . It is mentioned in the comments column.

[sarithapillai8]

Please see the updated file. Fortify_Scan_Results_Assessment_1834_12-5-2023.1.xlsx

[michaelmenon]

Hi @carlan1 please check on our comments against each item in the excel sheet post by @sarithapillai8 in the above post. We have updated some of the items in the staging and few items are still being worked on. There are some items done by your team which we have marked in the excel doc. Please review and we can discuss on this in our next weeks call.

[ZCOEngineer]

We are currently evaluating the issues in the OAuth HTML. checking on one solution, shall update it here as soon as the evaluation is complete.

[sarithapillai8]

@carlan1 We have made an update to public/oauth.html. Could you please do the scan again and let us know the status of the updated items?

[carlan1]

Fortify_Scan_Results_Assessment_1834_1-16-2024.xlsx Here is the updated scan

[ZCOEngineer]

Thanks @carlan1, we shall review

[sarithapillai8]

@carlan1 Please see our comments in attached file. Fortify_Scan_Results_Assessment_1834_1-16-2024.xlsx