Security Audit Report

The document is a compliance report for the Government eProcurement System of National Informatics Centre (GePNIC), detailing the results of web application security testing conducted by STQC IT Chennai. All OWASP Top 10 categories were rated satisfactory, and several recommendations for security hardening and regular assessments were made. The compliance statement is contingent on the application's code and infrastructure remaining unchanged.

Uploaded by

Murtuza Ali

Government of India

Ministry of Electronics & Information Technology


Standardisation, Testing & Quality Certification Directorate,
Electronics Niketan, 6 CGO Complex,
Lodhi Road, New Delhi-110020.

WEB APPLICATION SECURITY COMPLIANCE STATUS


Ref. Test Report No.: ETDC(CN)/IT/2023-24/859/2nd Dated: 10.01.2025
Name of Test Laboratory: STQC IT Chennai
Identification of the Web Application: Government eProcurement System of National Informatics Centre (GePNIC)
Organization Name: National Informatics Centre, A-Block, CGO Complex, Lodhi Road, New Delhi - 110003, India
Test / Staging URL: https://demoetenders.tn.nic.in/auditnicgep/app
Production URL:
Date of Testing: I cycle: 30.09.2024 to 24.10.2024; II cycle: 01.11.2024 to 09.01.2025

TEST RESULT SUMMARY:
OWASP Top10   Web Application Vulnerabilities                 Compliance     Remarks
A01:2021      Broken Access Control                           Satisfactory
A02:2021      Cryptographic Failures                          Satisfactory
A03:2021      Injection                                       Satisfactory
A04:2021      Insecure Design                                 Satisfactory
A05:2021      Security Misconfiguration                       Satisfactory
A06:2021      Vulnerable and Outdated Components              Satisfactory
A07:2021      Identification and Authentication Failures      Satisfactory
A08:2021      Software and Data Integrity Failures            Satisfactory
A09:2021      Security Logging and Monitoring Failures        Satisfactory
A10:2021      Server-Side Request Forgery                     Satisfactory

RECOMMENDATIONS:
1. The web application is recommended to be hosted at the above-mentioned URLs.
2. Security hardening / secured configuration of the Web Server, Network devices and Operating System is recommended for the hosting environment.
3. Regular security vulnerability assessment of the hosting IT infrastructure (servers and network devices) is recommended.
4. Ensure appropriate protection for application logs and user logs, and establish necessary clock synchronization with international time sources.

CONCLUSION:
This statement of compliance is issued for the specific version of the Web Application.
This statement of compliance becomes null and void if changes are made to the Application code related to the security architecture and security mechanisms for handling inputs, user Access Control, user Authentication & Authorization, Session Management, handling sensitive data, Data encryption at Rest & in Motion, and handling of runtime errors & external resources.
This statement of compliance also becomes null and void if there is any change in the underlying IT infrastructure hosting the Web Application or its configuration, or if any new vulnerabilities are discovered.

Issued By:
S.No eProcurement Site URL

Central Government eProcurement Links

1. Defence eProcurement Portal https://defproc.gov.in
2. Central Public Procurement Portal for Government https://eprocure.gov.in
3. Central Public Procurement Portal for CPSEs https://etenders.gov.in


Central Public Sector Enterprises/Others
4. Bharat Heavy Electricals Limited (BHEL) https://eprocurebhel.co.in
5. Coal India Limited (CIL) https://coalindiatenders.nic.in
6. Chennai Petroleum Corporation Limited (CPCL) https://cpcletenders.nic.in
7. NTPC Limited (NTPC) https://eprocurentpc.nic.in
8. IndianOil Corporation Limited (IOCL) https://iocletenders.nic.in
9. Bharat Electronics Limited (BEL) https://eprocurebel.co.in
10. Garden Reach Shipbuilders and Engineers Ltd (GRSE) https://eprocuregrse.co.in
11. Goa Shipyard Limited (GSL) https://eprocuregsl.nic.in
12. Hindustan Shipyard Limited (HSL) https://eprocurehsl.nic.in
13. Mazagon Dock Shipbuilders Limited (MDL) https://eprocuremdl.nic.in
14. Mishra Dhatu Nigam Limited (Midhani) https://eprocuremidhani.nic.in

15. PMGSY - National Rural Road Development Agency (NRRDA) and 32 participating sites
15.01 PMGSY - National Rural Road Development Agency (NRRDA) https://www.pmgsytenders.gov.in
15.02 PMGSY - Andaman and Nicobar https://pmgsytendersani.nic.in
15.03 PMGSY - Andhra Pradesh https://pmgsytendersap.gov.in
15.04 PMGSY - Arunachal Pradesh https://pmgsytendersarn.gov.in
15.05 PMGSY - Assam https://pmgsytendersasm.gov.in
15.06 PMGSY - Bihar https://pmgsytendersbih.gov.in
15.07 PMGSY - Chhattisgarh https://pmgsytenderscg.nic.in
15.08 PMGSY - Goa https://pmgsytendersgoa.gov.in
15.09 PMGSY - Gujarat https://pmgsytendersguj.gov.in
15.10 PMGSY - Haryana https://pmgsytendershry.nic.in
15.11 PMGSY - Himachal Pradesh https://pmgsytendershp.gov.in
15.12 PMGSY - Jammu & Kashmir https://pmgsytendersjk.gov.in
15.13 PMGSY - Jharkhand https://pmgsytendersjhr.gov.in
15.14 PMGSY - Karnataka https://pmgsytenderskar.gov.in
15.15 PMGSY - Kerala https://pmgsytendersker.gov.in
15.15 PMGSY - Ladakh https://pmgsytendersla.nic.in
15.17 PMGSY - Madhya Pradesh https://pmgsytendersmp.gov.in
15.18 PMGSY - Maharashtra https://pmgsytendersmah.gov.in
15.19 PMGSY - Manipur https://pmgsytendersman.gov.in
15.20 PMGSY - Meghalaya https://pmgsytendersmeg.gov.in
15.21 PMGSY - Mizoram https://pmgsytendersmiz.gov.in
15.22 PMGSY - Nagaland https://pmgsytendersngl.gov.in
15.23 PMGSY - Odisha https://pmgsytendersori.gov.in
15.24 PMGSY - Puducherry https://pmgsytenderspy.nic.in
15.25 PMGSY - Punjab https://pmgsytenderspb.gov.in
15.26 PMGSY - Rajasthan https://pmgsytendersraj.gov.in
15.27 PMGSY - Sikkim https://pmgsytendersskm.gov.in
15.28 PMGSY - Tamil Nadu https://pmgsytenderstn.gov.in
15.29 PMGSY - Telangana https://pmgsytendersts.nic.in
15.30 PMGSY - Tripura https://pmgsytenderstrp.gov.in
15.31 PMGSY - Uttarakhand https://pmgsytendersuk.gov.in
15.32 PMGSY - Uttar Pradesh https://pmgsytendersup.gov.in
15.33 PMGSY - West Bengal https://pmgsytenderswb.gov.in

State Government/UT eProcurement Portal links


16. Government of Andaman and Nicobar Islands (U.T) https://eprocure.andaman.gov.in
17. Government of Arunachal Pradesh https://arunachaltenders.gov.in
18. Government of Assam https://assamtenders.gov.in
19. Government of Chandigarh (U.T) https://etenders.chd.nic.in
20. Government of Dadra and Nagar Haveli (U.T) https://dnhtenders.gov.in
21. Government of Daman and Diu (U.T) https://ddtenders.gov.in
22. Government of NCT of Delhi https://govtprocurement.delhi.gov.in
23. Government of Goa https://eprocure.goa.gov.in
24. Government of Haryana https://etenders.hry.nic.in
25. Government of Himachal Pradesh https://hptenders.gov.in
26. Government of Jammu and Kashmir https://jktenders.gov.in
27. Government of Jharkhand https://jharkhandtenders.gov.in
28. Government of Kerala https://etenders.kerala.gov.in
29. Government of Lakshadweep (U.T) https://tendersutl.gov.in
30. Government of Maharashtra https://mahatenders.gov.in
31. Government of Madhya Pradesh https://mptenders.gov.in
32. Government of Manipur https://manipurtenders.gov.in
33. Government of Meghalaya https://meghalayatenders.gov.in
34. Government of Mizoram https://mizoramtenders.gov.in
35. Government of Nagaland https://nagalandtenders.gov.in
36. Government of Odisha https://tendersodisha.gov.in
37. Government of Puducherry https://pudutenders.gov.in
38. Government of Punjab https://eproc.punjab.gov.in
39. Government of Rajasthan https://eproc.rajasthan.gov.in
40. Government of Sikkim https://sikkimtender.gov.in
41. Government of Tamil Nadu https://tntenders.gov.in
42. Government of Tripura https://tripuratenders.gov.in
43. Union Territory of Ladakh https://tenders.ladakh.gov.in
44. Government of Uttarakhand https://uktenders.gov.in
45. Government of Uttar Pradesh https://etender.up.nic.in
46. Government of West Bengal https://wbtenders.gov.in
47. eProcurement Demo Portal https://demoeproc.nic.in
