Protocol Manipulation
Insecure or unset HTTP headers - Permissions-Policy
Description: The application does not control browser functions in a document or within any iframe. Impact: Enable functions that allow an attacker to compromise the confidentiality of application users. Recommendation: - Enable the header permission ...
Insecure authentication method - LDAP
Description: The use of LDAP software in its current state is not suitable as an authentication service. LDAP is an active directory; this means that it (the LDAP server) is constantly being inundated with new queries. An authentication service should ...
Insecure authentication method - NTLM
Description: The application uses the legacy NTLM authentication protocol, which can be vulnerable to several security flaws, including relay attacks, man-in-the-middle attacks and brute force to obtain valid challenge results. Impact: Obtain valid challenges ...
Insecure or unset HTTP headers - Content-Type
Description: The application does not define the Content-Type header in the server responses. Impact: Lead to unexpected behaviors due to content type misinterpretations. Recommendation: Explicitly define the content types allowed by the application. ...
Insecure or unset HTTP headers - Accept
Description: The application does not set the Accept header or allows any MIME type in the requests. An attacker could abuse this feature to cause unexpected behaviors when the application interprets incorrect content types. Impact: Lead to unexpected ...
Insecure or unset HTTP headers - X-Frame Options
Description: The application uses the X-Frame-Options header on the server responses as the only protection mechanism against clickjacking. This header is considered deprecated, since its protection can be bypassed using several iframe layers. Impact: ...
Insecure or unset HTTP headers - X-Permitted-Cross-Domain-Policies
Description: The application lacks the X-Permitted-Cross-Domain-Policies header or sets the header to an insecure value. Impact: Allow harmful requests from Adobe Flash or PDF documents. Recommendation: Unless the application requires Adobe products, set ...
Insecure or unset HTTP headers - Cache Control
Description: The application lacks the Cache-Control security header or sets the header to an insecure value. Impact: - Store server responses with sensitive information in the browser's cache. - Produce potentially harmful server responses using Cache ...
Insecure or unset HTTP headers - X-XSS Protection
Description: The application uses the X-XSS-Protection header, which is considered deprecated. The use of this header may lead to stored XSS vulnerabilities. Impact: Increase the chance of exploiting a stored XSS. Recommendation: Disable the X-XSS-Protection ...
Insecure or unset HTTP headers - CORS
Description: The cross-domain policy includes wildcards, accepting any domain as valid for sharing resources. Impact: Include resources from untrusted origins. Recommendation: Remove the wildcard (*) and explicitly define the trusted origins for the ...
Insecure or unset HTTP headers - X-Content-Type-Options
Description: The server is missing the X-Content-Type-Options HTTP header. Impact: Execute MIME sniffing attacks to obtain technical information and craft new attack vectors. Recommendation: Set the X-Content-Type-Options header to nosniff in the server ...
Insecure or unset HTTP headers - Strict Transport Security
Description: The server is missing the Strict-Transport-Security HTTP header. Alternatively, the header's max-age is too short. Impact: Compromise confidential information sent through insecure channels. Recommendation: Set the Strict-Transport-Security ...
Insecure or unset HTTP headers - Referrer-Policy
Description: The server is missing the Referrer-Policy HTTP header. Alternatively, the header's configuration is unsafe. Impact: Leak website domain and path to external services. Recommendation: Set the Referrer-Policy header to no-referrer, ...
Insecure HTTP methods enabled
Description: HTTP methods such as TRACE, PUT and DELETE are enabled on the server. These methods may allow an attacker to include and/or delete files, or perform cross-site tracing attacks. Impact: - Include content, scripts, binaries or images from ...
Insecure or unset HTTP headers - Content-Security-Policy
Description: The application has unsafe configurations regarding the Content-Security-Policy header. This may be because: - The header is missing from server responses. - The header has not defined mandatory security policies. - Defined security policies ...
Insecure authentication method - Basic
Description: The server uses Basic authentication over an insecure channel. Impact: Gather Base64-encoded credentials. Recommendation: Use stronger authentication mechanisms like Bearer and OAuth. Threat: Unauthorized attacker from adjacent network ...