Question asked by rahulsingh18 on Mar 1, 2011
Latest reply on Mar 2, 2011
Hi All,

As a BA, I am involved in the implementation of Alfresco Share at one of the major insurance companies in India. My client now needs Yes or No answers to certain information-security-related queries, listed below.

These questions are as follows:
Whether the HTML page validates input entered in form fields before submitting the form?
Whether the application logic validates the input entered in form fields after form submission?
Whether known good/bad criteria are defined for input and output variables?
Are all the parameters examined for a valid source before including information from an outside domain in the application logic?
Whether the special characters are sanitized, escaped or rejected? Examples: <, >, (, ), #, &
Whether the application accepts inputs from cookies?
Is the input from cookies validated before inclusion in the application logic?
Are parameterized SQL statements used in the application code for database interaction?
Whether all the output on HTML page is properly escaped in order to avoid the execution of unwanted and unknown scripts and errors?

Please answer these questions.

Thanks :)