Page 19 - FIGI: Security audit of various DFS applications
P. 19

Figure 4 – Radar graph of the test results (the radial axis indicates the percentage of tested best practices that
            were found to be implemented)





































            4�3  Summary of results                            b)  App3 does not apply an extra encryption of the
            We conclude this report by summarizing the results    data exchanged over HTTPS.
            of the tests in Figure 4. No critical vulnerability was
            detected during the tests. Nevertheless, two findings   Testing of additional applications would yield a larg-
            were found.                                        er base to compare with and would also allow to
                                                               fine-tune the tests.
            a)  No PIN is required to access a Personal Unlock
                Key (PUK) in App2






























                                                                           Security audit of various DFS applications  17
   14   15   16   17   18   19   20   21   22