OWASP Top Ten
We regularly scan for the vulnerability categories defined in the OWASP Top Ten and track compliance per component.
| # | OWASP Rule | Agent Desk | Unified Admin | Web Widget |
|---|---|---|---|---|
| 1 | Broken Access Control | PARTIAL_COMPLIANT | PARTIAL_COMPLIANT | PARTIAL_COMPLIANT |
| 2 | Cryptographic Failures | PARTIAL_COMPLIANT | PARTIAL_COMPLIANT | PARTIAL_COMPLIANT |
| 3 | Injection | PARTIAL_COMPLIANT | COMPLIANT | COMPLIANT |
| 4 | Insecure Design | QA NOT_APPLICABLE | QA NOT_APPLICABLE | QA NOT_APPLICABLE |
| 5 | Security Misconfiguration | NOT_TESTED | NOT_TESTED | NOT_TESTED |
| 6 | Vulnerable and Outdated Components | PARTIAL_COMPLIANT | PARTIAL_COMPLIANT | PARTIAL_COMPLIANT |
| 7 | Identification and Authentication Failures | PARTIAL_COMPLIANT | PARTIAL_COMPLIANT | PARTIAL_COMPLIANT |
| 8 | Software and Data Integrity Failures | PARTIAL_COMPLIANT | PARTIAL_COMPLIANT | PARTIAL_COMPLIANT |
| 9 | Security Logging and Monitoring Failures | PARTIAL_COMPLIANT | PARTIAL_COMPLIANT | PARTIAL_COMPLIANT |
| 10 | Server-Side Request Forgery (SSRF) | COMPLIANT | COMPLIANT | COMPLIANT |
These scan results are produced by our Security QA team using OWASP ZAP, SonarCloud and Burp Suite penetration/security testing tools. We will keep scanning for vulnerabilities and fix the security bugs identified in Expertflow CX.
Security-related Bugs and Vulnerabilities
https://expertflow-docs.atlassian.net/issues/?jql=parent%3DCXIM-31%20ORDER%20BY%20rank