| Perform Regression Tests | Verified: UI functions across user levels and browsers, media streaming, synctool, retrieval tool, rest api, Manifest
To be verified: Audit, Manifest, Storage Stats, Snapshot actions |
|
|
|
Use ZAProxy to perform a security analysis
- Use a test DuraCloud account with very little content
- Start an Automated Scan
- Remove any sites not relevant to DuraCloud from the "Sites" list
- Generate an HTML and XML report and attach to this page
| ZAProxy Report (html, xml) - Medium risk:
- jquery, version 1.7.1 is vulnerable
- Low risk:
- Missing anti-CSFR tokens on login form
- Missing cookie settings (AWS cookies): HttpOnly flag, SameSite attribute, Secure flag
- Missing X-Content-Type-Options header
|
|
|
|