Pau Lo
asked on
CAG vuln assessment/audit
Our management are keen to engage a 3rd party to assess our citrix access gateway for security flaws/misconfigurations/be st practice from the outside (the internet). My understanding is citrix access gateway uses 2-factor in this instance, SSL and is a very hardened linux appliance and server. Therefore, the question remains, from the outside, what kind of issues are there that could be tested for? Could you provide a top 5 areas youd review on a citrix access gateway (not secure access gateway) if you were tasked with such an audit. I dont want to go back to management and say "theres nothing to check with CAG from the outside" unless I know thats true.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
> ... if theres a flaw in the citrix login page its citrix responsibility ..
I'd expect it that way in a trustworthy world, but check your contracts ...
I'd expect it that way in a trustworthy world, but check your contracts ...
ASKER