First of all, this report mainly concerns suggested security improvements based on your policy page.
If this is not something you can act on, please let me know. Thanks!
The administrative panel is one of the main entry points through which a website owner manages the web application remotely, which exposes it not only to the website owner but to the public as well.
I found that https://www.cfptime.org/ has an endpoint at admin/login, which appears to be a Django (Python web framework) application, judging by the login page UI.
Although the web application otherwise looks fine, I suggest adding Two-Factor Authentication (2FA) to the login page to ensure that only the website owner can access the administrative area.
Things To Look For
- Suggested security improvements
I highly recommend setting up 2FA using the following Python module:
qrcode, which uses an OTP token for verification. A CSRF token is only meant to protect public form submissions, whereas an OTP can only be received by the website owner.
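As an added illustration of what the OTP step would look like (this is example code written for this report, not code from cfptime.org, Django or the qrcode module), the following implements RFC 6238 TOTP with only the Python standard library. The secret is the RFC 4226/6238 test-vector key, the function names (hotp, totp, verify_totp, TotpVerifier, provisioning_uri) are made up for the example, and the otpauth:// URI is the string that the qrcode module would render for the owner's authenticator app. The verifier also records the last accepted time-step so a code cannot be replayed, and accepts only a one-step clock drift window.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional
from urllib.parse import quote

# Constructed: the RFC 4226 / RFC 6238 test-vector secret (ASCII "12345678901234567890").
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, timestamp: Optional[int] = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the number of `step`-second intervals since the epoch."""
    if timestamp is None:
        timestamp = int(time.time())
    return hotp(secret, timestamp // step, digits)


def verify_totp(secret: bytes, code: str, timestamp: Optional[int] = None,
                step: int = 30, window: int = 1) -> Optional[int]:
    """Return the matching time-step counter if `code` is valid within +/- `window`
    steps of `timestamp`, else None. Uses a constant-time comparison."""
    if timestamp is None:
        timestamp = int(time.time())
    base = timestamp // step
    for delta in range(-window, window + 1):
        counter = base + delta
        if hmac.compare_digest(hotp(secret, counter), code):
            return counter
    return None


class TotpVerifier:
    """Server-side verifier that rejects replayed codes by remembering the
    highest counter already accepted for this secret."""

    def __init__(self, secret: bytes, step: int = 30, window: int = 1):
        self.secret = secret
        self.step = step
        self.window = window
        self.last_counter = -1

    def check(self, code: str, timestamp: Optional[int] = None) -> bool:
        counter = verify_totp(self.secret, code, timestamp, self.step, self.window)
        if counter is None or counter <= self.last_counter:
            return False  # wrong code, or a code that was already used
        self.last_counter = counter
        return True


def new_secret(nbytes: int = 20) -> bytes:
    """Generate a fresh random shared secret for a new enrolment."""
    return secrets.token_bytes(nbytes)


def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """The otpauth:// URI an authenticator app expects; this is what a QR code
    library (e.g. qrcode) would encode for the owner to scan at enrolment."""
    b32 = base64.b32encode(secret).decode("ascii").rstrip("=")
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}"
            f"?secret={b32}&issuer={quote(issuer)}&algorithm=SHA1&digits=6&period=30")


if __name__ == "__main__":
    # Enrolment: generate a secret and show the URI the QR code would carry.
    s = new_secret()
    print(provisioning_uri(s, "owner@example.invalid", "cfptime-admin"))
    # Login: the owner submits the current code from their app.
    v = TotpVerifier(s)
    print("accepted:", v.check(totp(s)))
    print("replay accepted:", v.check(totp(s)))  # same code again -> False
```

In a Django deployment this check would run after the username/password step of the admin login and before the session is marked as authenticated; the replay guard and the narrow drift window are what keep the second factor from being guessable or reusable.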
Finally, here are the references I used for this report; you may want to check them as well for further ways to harden your web application.
The login page is prone to password-guessing/brute-force attacks.