Security report r12.2
Posted by satish on
URL: http://erman-arslan-s-oracle-forum.114.s1.nabble.com/Security-report-r12-2-tp9851.html
Dear Erman,
Our ERP is on the intranet. No DMZ.
These issues were identified against the ERP URL. Can you please suggest what can be done to avoid these reported security issues?
1) Browser cache weakness
description -- Browsers can store information for purposes of caching and history. Caching is used to improve performance, so that previously displayed information doesn't need to be downloaded again. History mechanisms are used for user convenience, so the user can see exactly what they saw at the time when the resource was retrieved. If sensitive information is displayed to the user (such as their address, credit card details, Social Security Number, or username), then this information could be stored for purposes of caching or history, and therefore be retrievable by examining the browser's cache or by simply pressing the browser's "Back" button.
impact -- The attacker can use the back button to crawl through the pages the victim has visited previously.
2) Insufficient Anti-Automation
description -- Insufficient anti-automation is when a web site permits an attacker to automate a process that should only be performed manually. Certain web site functionalities should be protected against automated attacks.
impact -- Attackers could repeatedly exercise web site functionality attempting to exploit or defraud the system. An automated robot could potentially execute thousands of requests a minute, causing potential loss of performance or service.
3) Improper Input Validation
description -- The application fails to validate user-supplied parameters against random data that includes special characters such as ( ‘ “ < # > ) \%
impact -- Further malicious attacks such as injection attacks or input tampering attacks are possible.
Thank You
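As an added example (not part of satish's post, not from Erman's reply, and not Oracle code), the three findings above can each be checked from the defender's side with plain Python: parse a response header block for the cache directives a sensitive page needs, count requests per client in a sliding window to spot automated traffic, and validate a parameter against an allow-list instead of a deny-list of the scanner's special characters. The header samples, log lines, client addresses and paths are all constructed for illustration.

```python
"""Defensive checks for the three scanner findings: cache headers,
automation detection and input validation. All sample data is constructed."""
import re
from collections import defaultdict, deque

# --- 1) Browser cache weakness -------------------------------------------
# Directives a page that shows sensitive data should carry so that neither
# the browser cache nor the history mechanism keeps a reusable copy.
REQUIRED_CACHE_DIRECTIVES = {"no-store", "no-cache"}

# Constructed responses: the first is what the scanner would flag, the
# second is the hardened form an application tier should send.
SAMPLE_RESPONSES = {
    "weak": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            "Cache-Control: private, max-age=600\r\n\r\n",
    "hardened": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                "Cache-Control: no-store, no-cache, must-revalidate\r\n"
                "Pragma: no-cache\r\nExpires: 0\r\n\r\n",
}


def parse_headers(raw):
    """Parse a raw HTTP/1.1 header block into a dict with lower-cased names.
    Repeated headers are joined with commas, as RFC 7230 allows."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, _, value = line.partition(":")
        key, value = name.strip().lower(), value.strip()
        headers[key] = value if key not in headers else headers[key] + ", " + value
    return headers


def cache_findings(raw):
    """Return a list of cache-related weaknesses for one response (empty = fine)."""
    h = parse_headers(raw)
    problems = []
    directives = {d.strip().lower() for d in h.get("cache-control", "").split(",") if d.strip()}
    missing = REQUIRED_CACHE_DIRECTIVES - directives
    if missing:
        problems.append("Cache-Control lacks " + ", ".join(sorted(missing)))
    if "no-cache" not in h.get("pragma", "").lower():
        problems.append("Pragma: no-cache missing (needed for HTTP/1.0 caches)")
    return problems


# --- 2) Insufficient anti-automation -------------------------------------
# Constructed access-log lines: "<epoch seconds> <client ip> <path>".
# 10.0.0.5 fires 30 login requests in 15 seconds; 10.0.0.9 behaves normally.
SAMPLE_LOG = (
    ["1700000000.0 10.0.0.9 /erp/login"]
    + [f"{1700000000 + i * 0.5:.1f} 10.0.0.5 /erp/login" for i in range(30)]
    + ["1700000040.0 10.0.0.9 /erp/home"]
)


def flag_automation(log_lines, limit=20, window_seconds=60):
    """Sliding-window counter per client. Returns the set of client IPs that
    issued more than `limit` requests inside any `window_seconds` span."""
    windows = defaultdict(deque)
    flagged = set()
    for line in log_lines:
        ts_text, ip, _path = line.split(None, 2)
        ts = float(ts_text)
        q = windows[ip]
        q.append(ts)
        while q and ts - q[0] > window_seconds:  # drop requests outside the window
            q.popleft()
        if len(q) > limit:
            flagged.add(ip)
    return flagged


# --- 3) Improper input validation ----------------------------------------
# Allow-list for a simple identifier-style parameter (hypothetical policy):
# letters, digits, space, underscore, dot and hyphen. Everything else,
# including every character the scanner injected, is rejected by default.
ALLOWED_CHAR = re.compile(r"[A-Za-z0-9 _.\-]")


def validate_param(value, max_len=64):
    """Return (ok, reason). Rejects over-long values and any character
    outside the allow-list, listing the offending characters."""
    if len(value) > max_len:
        return False, f"length {len(value)} exceeds {max_len}"
    bad = sorted({c for c in value if not ALLOWED_CHAR.fullmatch(c)})
    if bad:
        return False, "disallowed characters: " + " ".join(bad)
    return True, "ok"


if __name__ == "__main__":
    for name, raw in SAMPLE_RESPONSES.items():
        print(name, cache_findings(raw) or "no cache weakness")
    print("automated clients:", flag_automation(SAMPLE_LOG))
    for sample in ("SYSADMIN", "‘“<#>)\\%", "a' OR '1'='1"):
        print(repr(sample), validate_param(sample))
```

The cache check is meant to be run against the headers of pages that display personal or financial data; static assets may legitimately cache. The automation counter is per client address, so a threshold should be chosen from observed legitimate peak rates before it is wired into blocking or alerting. The validation function shows the allow-list shape: the point is not to chase the scanner's character list but to state what a parameter is permitted to contain.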