Website accepts payment of taxes and other levies online
Also provides customer interface for complaints, grievances
Complex server landscape: 3-tier architecture
Unstructured directory structure
Use of vulnerability assessment tools such as Nessus, Retina, WebScarab, etc.
Assessment was carried out using the OWASP, SANS Top 20 and WASC standards
Iterative testing procedure, with a gap for fixing issues identified during each iteration.
The website had vulnerabilities that could be exploited by hackers to deface the webpage and to access or modify sensitive information. User and database credentials, such as user IDs and passwords, were exposed in HTML comments.