I am developing a web site, and in that site I have faced 2 security audit problems.
I googled a lot but didn't get a proper solution.
Please give any solution if you have one.
The problems were:
1 Unencrypted Login Request
Severity: High
CVSS Score: 8.5
URL: /AddUser
Entity: AddUser (Page)
Risk: It may be possible to steal user login information such as usernames and passwords that are sent unencrypted
Causes: Sensitive input fields such as usernames, password and credit card numbers are passed unencrypted
Fix: Always use SSL and POST (body) parameters when sending sensitive information.
2 Potential File Upload
Severity: High
CVSS Score: 0.0
URL: /Upload_Aadesh
Entity: FileUpload1 (Parameter)
Risk: It is possible to run remote commands on the web server. This usually means complete compromise of the server and its contents
It is possible to upload, modify or delete web pages, scripts and files on the web server
Causes: Insecure web application programming or configuration
Fix: Restrict user capabilities and permissions during the file upload process
For file upload I checked the file extension also.
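
The following is an added example, not part of the original post or the site's own code: a framework-neutral Python sketch of server-side upload checks that go beyond the extension test mentioned for finding 2, combining an extension allow-list, a content-signature check, a size limit and a server-generated file name. The names `validate_upload`, `store_upload`, `ALLOWED` and `MAX_BYTES`, the accepted file types and the one-dot file name rule are assumptions made for the example; `upload_dir` is assumed to be a directory outside the web root where the server does not execute scripts.

```python
import os
import secrets

# Assumed policy for this example: accepted extensions and the leading
# bytes ("magic numbers") that a file of each type must start with.
ALLOWED = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit (5 MiB)


class UploadRejected(Exception):
    """Raised when an upload fails any validation step."""


def validate_upload(client_name: str, data: bytes) -> str:
    """Return the allow-listed extension, or raise UploadRejected."""
    # Drop any directory part the client sent (both separator styles).
    base = os.path.basename(client_name.replace("\\", "/"))
    # Reject NUL bytes and double extensions such as "page.aspx.jpg".
    if "\x00" in base or base.count(".") != 1:
        raise UploadRejected("suspicious file name")
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected("extension not allowed")
    if not 0 < len(data) <= MAX_BYTES:
        raise UploadRejected("empty or too large")
    # The extension alone is client-controlled; the content must match it.
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    return ext


def store_upload(client_name: str, data: bytes, upload_dir: str) -> str:
    """Save under a server-generated name; the client name never forms the path."""
    ext = validate_upload(client_name, data)
    path = os.path.join(upload_dir, secrets.token_hex(16) + ext)
    with open(path, "xb") as fh:  # "xb" refuses to overwrite an existing file
        fh.write(data)
    return path
```

The signature check only confirms the leading bytes, so it complements rather than replaces storing uploads where the server will not run them.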