website app software security, opinions requested
Posted on 2011-02-15
we are evaluating a software package, and need to decide if we want to run it on our IIS7 server. the application is a frontend for our backend database suite.
the software vendor has given us a link to their sandbox and asked us to check it out. for me, at the helpdesk, i only really care about security and not so much about functionality. so i'm hoping you guys could check it out (it's public) and offer your suggestions that pertain to vulnerabilities, etc.
the data in the sandbox is all fake, just place holders - and anyone can create any fake info (name, address, etc - create an account for yourselves). the idea is this front end is customer facing, and random people will be using it to search our database and create accounts for themselves to upload their own resumes, and contain their own personal information which plugs to the backend (which is SQL)
the sandbox is the URL below - i'm intentionally not typing it directly as to be fair to the software vendor - if there are huge problems we'll get them fixed, but it wouldn't be fair for future google searchers to stumble upon this (assuming any problems exist and eventually do get fixed)
if you post links pointing to certain pages that may present security issues, it would be appreciated to break them up a little just to be fair
www dot jobs on a stick dot com