Security Testing on Mendix Development Application

Hello, I've been working on an application where the client wants to conduct security testing to know what flaws we have in the application, and we got this from audit/security personnel as feedback. How can we fix this issue and protect app data from being stolen or misused? Does anyone have any knowledge on this? Share it. Thank you for your time.
1 answer

Hi Johan Flikweert,

Privilege Escalation via Cookie/Token Manipulation and the Use of Weak Hashing Algorithms are categorized under penetration testing. Penetration testing is a professional security assessment that simulates real-world attack scenarios to identify vulnerabilities within systems and networks.

Typically, vulnerabilities discovered during such assessments are classified as High, Medium, or Low based on their threat level—particularly the type and sensitivity of data that could be accessed from the hosting environment.

In our case, the application is hosted on-premises using IIS (Internet Information Services).

You mentioned the risk of cookie theft — could you please share your suggestions on how to prevent it?

Thank you 
