OWASP Top-10 Security Audit

[astrajescu]

Run a compliance audit on Top 10 Web Application Security Risks (OWASP Top-10) and identify weaknesses or issues to be addressed.

• [x] Injection;
• [x] Broken authentication;
• [x] Sensitive data exposure;
• [x] XML External entities;
• [x] Broken access control
• [x] Security misconfiguration;
• [ ] Cross-site scripting XSS;
• [x] Insecure deserialization;
• [x] Using components with known vulnerabilities;
• [x] Insufficient logging and monitoring.

[rtudvasev]

HTTPS has configured as for application and for image server. Default action on HTTP access - redirect to HTTPS.

[rtudvasev]

https://github.com/microsimulation/ijm/issues/64