This can be used for monitoring purposes or can be set to actively block requests based on defined security rules. ... Web Application Security Test Results for SBM 11.4 ... SBM 11.4 testing was performed using Burp Suite Professional v.1.7.33. ... White Paper Solutions Business Manager 11.4 Web Application Security Assessment ... ■ Logging into SBM
XSS stored/reflected ■ Report creation and execution Passed after adding a ModSecurity rule that blocks potential XSS injection in Drill-Through reports. ... A4 Broken Access Control No issues found All access to objects inside SBM goes through a centralized access control to verify the user’s permission. ... A7 Insufficient Attack Protection No issues found is attempted, SBM logs the attempt, which enables an administrator to review the logs and identify the attack.
■ Logging into SBM
– Individual application authentication using SBM database with session cookies
– Single Sign-On authentication using SBM database
– Single Sign-On authentication using SAML2 identity provider