AKS Information Technology Services Private Ltd.
B-21, Sector-59, NOIDA-201309
Tel: 0120-4545911, Fax: 0120-4243669, Mobile: +91-9811943669
E-mail: [email protected], Website: www.aksitservices.co.in
An ISO 9001:2015 & ISO 27001:2013 Certified Company
Web Application Security Certificate
Web Application Name: eGCA Citizen External Portal & Back Office Portal
(Directorate General of Civil Aviation)
Testing URLs: http://3.7.21.232:8092/digigov-portal/
http://3.6.171.88:8092
Production URLs: https://dgca.gov.in
http://backoffice.dgca.gov.in
http://10.23.10.16
Audit Performed by: Snehita Chhabria, Ayush Sharma and Hemanth Kumar
Testing Date: 11 May 2020 - 28 May 2020
Conclusion: Web Application is free from OWASP (any other known)
vulnerabilities and is safe for hosting.
Recommendations: -
1. Web Application may be considered safe for hosting with Read only permission.
2. SSL deployment is suggested on production server for further enhancing security.
Authentication mechanism is being used in the given website at the following URLs:
• http://3.7.21.232:8092/digigov-portal/jsp/dgca/common/login.jsp
• http://3.6.171.88:8092/
3. Write permission should be granted only on the folder where the files are to be
uploaded given at the following URL:
https://dgca.gov.in/documents-prd-dgca
4. Web Server and OS Level hardening need to be in place for the production server.
Note: The certificate is valid until additional changes are carried out in the dynamic content or for one year from the date of issue, whichever is earlier.
(Ashish Kumar Saxena)
M Tech, CISSP, CISA, FIETE, MBCI
Managing Director
AKS Information Technology Services Pvt. Ltd
Govt. of India, CERT-In Empanelled Company
Reviewed By: Akshay Kumar K (Assistant Manager)
Date of issue: 30th May 2020
Certificate No: AKSIT/2020-21/053