Kp calls for tenders to protect its own website against hackers | Kolkata News
“This is the rectification of the Kolkata Police website as per the Standard Testing and Quality Certification Directorate (STQC) Web Application Security Assessment Report. The purpose of the rectification is to use techniques to assess the application’s security against best practice criteria and to validate its security mechanisms and identify application-level vulnerabilities,” an official said. The tender will close on Thursday, after which the works will be carried out, sources said.
Sources say law enforcement is a target for hackers, especially those looking to steal or compromise data. Some departments are particularly vulnerable due to outdated technology or inadequate training. ‘As the Metropolitan Police we need to be one step ahead of hackers,’ a source said.
In addition to tracking down the identity of witnesses and other critical police data, cybercriminals can tamper with evidence storage systems and spoof email accounts from vendors and government agencies. They can even lock down the service’s entire system during a ransomware attack.
According to law enforcement sources, the STQC report identified areas where work needs to be completed at the earliest, including CAPTCHA validation error, application error on various pages, manipulation of GET parameters, authentication missing multifactor using admin login form and missing response header. Among these, the CAPTCHA provides protection against remote numeric entry by ensuring that only a human being with the correct password can access your account.
Similarly, manipulating parameters, or data sent between the browser and the web application, used to an attacker’s advantage has long been a simple but effective way to get applications to do undesirable things. a way the user often shouldn’t be able to do. In a poorly designed and poorly developed web application, malicious users can modify things, such as prices in web shopping carts, session tokens or values stored in cookies, and even HTTP headers.
City government websites have been subject to hacker attacks before. A website on behalf of the city’s police that featured pornographic images nearly two decades ago is now under the Detective Department’s scanner. The website host was found to be based in Canada. At the start of the pandemic, even the Kolkata Municipal Corporation was attacked and hackers uploaded information to the National Population Register (NPR).