Testing Guidance

Assess any web interface to determine if weak passwords are allowed
Assess the account lockout mechanism
Assess the web interface for XSS, SQLi and CSRF vulnerabilities and other web application vulnerabilities
Assess the use of HTTPS to protect transmitted information

Assess the solution to determine the use of encrypted communication between devices and between devices and the internet
Assess the solution to determine if accepted encryption practices are used and if proprietary protocols are avoided
Assess the solution to determine if a firewall option is available

Assess the solution to determine if password security options are available
Assess the solution to determine if encryption options (e.g. enabling AES-256 where AES-128 is the default setting) are available
Assess the solution to determine if logging for security events
Assess the device to ensure it utilizes a minimal number of physical external ports (e.g. USB ports) on the device
Assess the device to determine if it can be accessed via unintended methods such as through an unnecessary USB port

Assess the solution for the use of strong passwords where authentication is needed
Assess the solution for implementation of two-factor authentication where possible
Assess password recovery mechanisms
Assess the solution for the option to require strong passwords
Assess the solution for the option to force password expiration after a specific period
Assess the solution for the option to change the default username and password

Assess the cloud interfaces for security vulnerabilities
Assess the cloud-based web interface to ensure it disallows weak passwords
Assess the cloud-based web interface to ensure it includes an account lockout mechanism
Assess the cloud-based web interface to determine if two-factor authentication is used
Assess any cloud interfaces for XSS, SQLi and CSRF vulnerabilities and other vulnerabilities
Assess all cloud interfaces to ensure transport encryption is used
Assess the cloud interfaces to determine if the option to require strong passwords is available

Assess the device to ensure it includes update capability and can be updated quickly when vulnerabilities are discovered
Assess the device to ensure it uses encrypted update files and that the files are transmitted using encryption
Assess the device to ensure it uses signed files and then validates that file before installation

Assess the solution to determine the amount of personal information collected
Assess the solution to determine if collected personal data is properly protected using encryption at rest and in transit
Assess the solution to determine if data is de-identified or anonymized

Assess the mobile interface to ensure it disallows weak passwords
Assess the mobile interface to ensure it includes an account lockout mechanism
Assess the mobile interface to determine if it implements two-factor authentication
Assess the mobile interface to determine if it uses transport encryption
Assess the mobile interface to determine if the option to require strong passwords is available
Assess the mobile interface to determine if the option to force password expiration after a specific period is available
Assess the mobile interface to determine if the option to change the default username and password is available
Assess the mobile interface to determine the amount of personal information collected

Assess the solution to ensure network services don't respond poorly to buffer overflow, fuzzing or denial of service attacks
Assess the solution to ensure test ports are not present
