We regularly scan for the vulnerabilities defined under the OWASP Top Ten.

| # | OWASP Rule | Agent Desk | Unified Admin | Web Widget |
|---|---|---|---|---|
| 1 | Broken Access Control | PARTIAL_compliant | PARTIAL_compliant | PARTIAL_compliant |
| 2 | Cryptographic Failures | PARTIAL_compliant | PARTIAL_compliant | PARTIAL_compliant |
| 3 | Injection | PARTIAL_compliant | Compliant | Compliant |
| 4 | Insecure Design | QA NOT_Applicable | QA NOT_Applicable | QA NOT_Applicable |
| 5 | Security Misconfiguration | NOT_Tested | NOT_Tested | NOT_Tested |
| 6 | Vulnerable and Outdated Components | PARTIAL_compliant | PARTIAL_compliant | PARTIAL_compliant |
| 7 | Identification and Authentication Failures | PARTIAL_compliant | PARTIAL_compliant | PARTIAL_compliant |
| 8 | Software and Data Integrity Failures | PARTIAL_compliant | PARTIAL_compliant | PARTIAL_compliant |
| 9 | Security Logging and Monitoring Failures | PARTIAL_compliant | PARTIAL_compliant | PARTIAL_compliant |
| 10 | Server-Side Request Forgery (SSRF) | Compliant | Compliant | Compliant |

These scan results are produced by our Security QA team using the OWASP ZAP, SonarCloud and Burp Suite penetration and security testing tools. We will keep scanning for vulnerabilities and fixing the security bugs identified in Expertflow CX.
Security-related Bugs and Vulnerabilities
https://expertflow-docs.atlassian.net/issues/?jql=parent%3DCXIM-31%20ORDER%20BY%20rank