Bug #87: [Security Audit ] 22 -Security headers are not Implemented - E-Arogya - Redmine

Actions

Copy link

Bug #87

closed

Feature #65: Security Audit

[Security Audit ] 22 -Security headers are not Implemented

Added by Kalyan Battula about 1 year ago. Updated 7 months ago.

Status:

Closed

Priority:

Low

Assignee:

Pavan kumar Siddamsetti

Category:

Target version:

Security Audit

Start date:

17/04/2024

Due date:

% Done:

Estimated time:

Deployed In:

Category:

Description

22- Security headers are not Implemented
CWE : CWE-16
Description :
Modern browsers support many HTTP headers that can improve web application
security to protect against clickjacking, cross-site scripting, and other common attacks.
Affected Path(s) :
/(WebServer)
Impact :
Client side attacks like clickjacking, XSS, history hijacking, etc may be possible if
security headers are missing in the response headers.
Recommendation :
It is recommended to implement following security headers with the values required for
the application. Sample configuration:
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: deny
Content-Security-Policy: default-src 'self'
Strict-Transport-Security: max-age=63072000; includeSubDomains;
preload
Evidence/Proof Of Concept :
Step 1: It was observed that Security Headers are not implemented in the Application as
shown below screenshot.

Files

clipboard-202404171604-cnpdz.png (57.6 KB) clipboard-202404171604-cnpdz.png

Kalyan Battula, 17/04/2024 04:04 PM

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

E-Arogya

Custom queries

Bug #87

[Security Audit ] 22 -Security headers are not Implemented

Updated by Pavan kumar Siddamsetti about 1 year ago

Updated by Pavan kumar Siddamsetti 12 months ago

Updated by Vasudev Mamidi 12 months ago

Updated by Sivakanth Kesiraju 12 months ago

Updated by Sivakanth Kesiraju 12 months ago

Updated by Gautam Kumar 7 months ago