NALCOInida Website Audit
Kpmg.com/in
IT Security Program – Mandate
NALCO
6. Functional Reviews
3. Configuration Reviews (Change Management, BCP Policy Review)
© 2023 KPMG Assurance and Consulting Services LLP, an Indian Limited Liability Partnership and a member firm of the KPMG network of independent member firms
affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
2
Deliverable – Status Update
Bucket 1 – IT Infrastructure Audits
Bucket 2 – Mobile Application Security Review
Summary of Observations Reported (Contd.)
Report: Bill Tracking Portal - Web App
  Findings: High 2, Medium 3, Low 6, Total 11
  Summary of Critical Observations:
    - Man-in-the-Middle Attack
    - Application is vulnerable to SWEET32 attack
    - Broken Session Management

Report: Appraisal Portal - Web App
  Findings: High 2, Medium 3, Low 8, Total 13
  Summary of Critical Observations:
    - Man-in-the-Middle Attack
    - Application is vulnerable to SWEET32 attack
    - Broken Session Management

Report: PESB Application - Web App
  Findings: High 3, Medium 3, Low 11, Total 17
  Summary of Critical Observations:
    - Man-in-the-Middle Attack
    - Application is vulnerable to SWEET32 attack
    - User Recovery Mechanism Missing
Thank You
© 2022 KPMG Assurance & Consulting Services LLP, an Indian Registered Partnership and a member firm of the KPMG network of independent
member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.