Small-to-medium-sized project for one of our (Red Rocket Media Group's) clients in the medical industry. They currently have a program written in VBScript, and it needs a few "tweaks" to make it more secure.
Description: Several fields and URL parameters are SQL-injectable (this is a security risk and can expose content that the public should not be allowed to see). Most of the risks occur in the "doctor search" and "job search" sections. In at least one case, we've seen the basic SQL escaping handled: the "admin" directory login page. Passwords for the admin side are also stored in clear-text (not encrypted) format. They, too, need to be fixed and encrypted. The SQL-injection flaws won't allow the site to pass the OWASP Top-10, PCI and HIPAA compliance scans.
## Deliverables
More information to follow if needed.