New Delhi: The Delhi Government will conduct a major security audit of all IT systems, websites, applications that support web, web services, and cellular applications against each cyberattack or threat.
The government works towards larger e-governance and many services are now available online.
It feels like the growth of applications that support the web, cellular applications, web services, etc., attacks and threats also become more sophisticated and want their application in front of the curve through constant innovation and evolution.
Delhi Egovernance Society, which is under the Department of Delhi Government Information Technology, has waved the request of the proposal (RFP) to choose the Cyber ​​Security Agency to conduct a comprehensive security audit for the IT system of the state government, various departments, local bodies and autonomous bodies.
The audit will involve finding out the vulnerability of the government’s IT system against Cyberattack which is more sophisticated and the way to secure the system against the threat.
RFP said that intentional attacks can be an evil effort to get unauthorized access to IT systems, such as through passwords guessing to reduce systems and data integrity, availability, or constant confidentiality or friendship, but do not aim to avoid the security system.
“A new threat evolved everyday with technology that developed and therefore organizations face challenges to maintain the security of their information security assets.
Often organizations utilize new technologies to expand their functionality and reach more clients and partners and therefore their risk exposure to grow continuously,” He stated.
RFP states rapid growth in the vulnerability found in the application makes it easier for attackers to find the way to the network.
“In-house applications and commercially developed often put rapid development and convenience of security, which results in vulnerabilities such as bypass authentication, SQL injection, cross site scripting etc.” It is said that the application is also the preferred target for the attacker, because they almost always allow access to internal resources through a firewall.
Vulnerability and security problems can include damaged authentication, damaged access control, weak password, weak session management, forced browsing, damaged session management, ‘cookie poisoning’, denial-of-service, stab parameters, week cryptography, mistakes Inaccurate, the three party configuration errors, information leakage, server configuration errors, hidden field forms / manipulation, cryptographic use, back doors and debug options, errors triggered leakage of sensitive information, CGI-bin manipulation, etc.