IRCTC - India's Rail Ticket Booking Website which is sought to be a secure platform for the citizens booking their tickets has few simple security configurations missing.
An example is the auto-complete not set to off on their payments page - a practice which most of the secure web applications follow for sensitive pages right from login page. Below is a snapshot.
Nice observation!, i have seen this website when i was booking the ticket, i think this entire website is depends on one DLL (bv60.dll). So do you think is it secure?
ReplyDelete