On Wednesday, October 17, 2012, Ontario Soil & Crop Association (OSCIA) engaged Open Systems Group to perform a security audit of its browser-based application on the domain, farmprograms.net. The application, farmprograms.net, implements the Grasslands Habitat Farm Incentive Program on behalf of the Ontario Ministry of Natural Resources through the Species at Risk Stewardship Fund. The farmprograms.net application fully integrates with the organization's internal, browser-based Delivery Management System (DMS).
The Grassland Habitat Farm Incentive Program (GHFIP) provides cost-share funding through a competitive bid process for farmers to implement best management practices that will help provide and protect grassland habitats.
OSCIA is an NGO that oversees provincial stewardship grants on behalf of provincial government. The browser-based application, farmprograms.net, allows over 500 producers to submit applications for cost-share incentives to preserve native wildlife.
The scope of the work included a code review of the design of the application, identifying security vulnerabilities. In so doing the security audit looked at the application's authentication strategies and authorization strategies within both the front-end web pages of the application as well as the XML web services and compares these strategies to industry best practices. The security audit also looked at the exception reporting strategies, data access strategies, report generation strategies, code library configuration methods and again compared these strategies with industry best practices. The security audit also produced a list of strategic recommendations to effectively remediate the gaps.
visit the site: farmprograms.net
visit the page on OSCIAs's web site that includes a URL link to the browser-based application: grassland habitate farm incentive program—web page
read about the Grassland Habitat Farm Incentive Program: www.mnr.gov.on.ca