Wednesday, May 6, 2020

DLP Thrability And Information System - 723 Words

Confidentiality, Transmission, Technology

References are not validated logically. The application does not validate all untrusted inputs received with each HTTP request. It may allow a user to access restricted files, folders and information, and to initiate SQL injection and cross-site scripting attacks.

This cell applies to the vulnerability as it may cause disclosure of a patient's authentication during login. Since the user transmits a request to the application by entering a username and password, the user ID and password can be compromised, which may allow a malicious user to access confidential information.

True Health may suffer an impact on its reputation and finances. True Health may become subject to compensation due to disclosure of sensitive information of its …

… ID, Name, Sequence Number should be replaced by cryptographic hashes and should be mapped to the original values.

Confidentiality, Processing, Education

Not applicable to the vulnerability, since it is mostly dependent on technology.

Confidentiality, Processing, Policy

No standard was documented and implemented focusing on the security configuration of the web application.

This cell applies to the vulnerability because, if there had been approved documentation to maintain a security standard for all web applications within the organization, the online portal of True Health Diagnostic would not have had IDOR, unencrypted URLs or insufficient access control.

Not having a documented and implemented standard for the application may expose it to many vulnerabilities, which may cause operational disruption.

Prepare a security standard for the public-facing web application of the organization. NIST provides this sort of security framework.

Confidentiality, Storage, Technology

One user can access the information of other users, which is usually not allowed. Proper access control and segregation of information are not implemented in the database.

This cell applies to the vulnerability since the proper technologies (access control and separate database tables) are not configured in the database, which allows a user to breach the confidentiality of information. May allow an
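One way to apply the two recommendations above (opaque hashed references mapped back to the original IDs, and access control enforced on the server), shown as an added example that is not part of the original essay. The report store, user names, key handling and function names are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: sequential report IDs and the patient who owns each.
REPORTS = {
    1001: {"owner": "alice", "body": "lipid panel"},
    1002: {"owner": "bob", "body": "glucose panel"},
}

# Assumption: a per-deployment secret kept on the server, never sent to clients.
SERVER_KEY = secrets.token_bytes(32)


class AccessDenied(Exception):
    """Raised when a reference does not resolve for the session user."""


def issue_reference(user: str, report_id: int) -> str:
    """Return an opaque, user-bound reference for a report the user owns."""
    if REPORTS.get(report_id, {}).get("owner") != user:
        raise AccessDenied("not the owner")
    msg = f"{user}:{report_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def build_reference_map(user: str) -> dict:
    """Map opaque references back to the original IDs, for one user only."""
    return {issue_reference(user, rid): rid
            for rid, rec in REPORTS.items() if rec["owner"] == user}


def fetch_report(session_user: str, reference: str) -> str:
    """Resolve a reference taken from the URL and enforce ownership."""
    for known, rid in build_reference_map(session_user).items():
        # Constant-time comparison of the supplied value with each valid one.
        if hmac.compare_digest(known.encode(), reference.encode()):
            record = REPORTS[rid]
            # Defense in depth: re-check ownership at the data layer.
            if record["owner"] != session_user:
                raise AccessDenied("ownership check failed")
            return record["body"]
    raise AccessDenied("unknown reference")
```

The hashed reference only hides the sequence number; the ownership check in `fetch_report` is what stops one user reading another user's record.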
