Uploaded image for project: 'Shell OneHub'
  1. Shell OneHub
  2. SO-1363

Güvenlik Bulguları

    XMLWordPrintable

    Details

      Description

      Insecure cookie setting: missing Secure flag
      Recommendation
      Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.

      -----------

      Missing security header: Content-Security-Policy
      Recommendation
      Configure the Content-Security-Header to be sent with each HTTP response in order to apply the specific policies needed by the application.

      ----------------
      Missing security header: Referrer-Policy
      Recommendation
      The Referrer-Policy header should be configured on the server side to avoid user tracking and inadvertent information leakage. The value `no-referrer` of this header instructs the browser to omit the Referer header entirely.

      -------------------
      Server software and technology found
      Security.txt file is missing
      Missing: https://testsfs.turkiyeshell.com/.well-known/security.txt
      Recommendation
      We recommend you to implement the security.txt file according to the standard, in order to allow researchers or users report any security issues they find, improving the defensive mechanisms of your server.

        Attachments

        1. image-2022-09-23-12-11-51-432.png
          31 kB
          Selma Öztaşkın
        2. image-2022-09-23-12-46-37-782.png
          126 kB
          Selma Öztaşkın
        3. image-2022-09-23-14-25-29-113.png
          21 kB
          Selma Öztaşkın
        4. image-2022-09-23-18-01-31-085.png
          20 kB
          Selma Öztaşkın
        5. image-2022-09-23-18-07-52-508.png
          45 kB
          Selma Öztaşkın

          Activity

            People

            Assignee:
            selma Selma Öztaşkın
            Reporter:
            gandil Cengiz Bayram
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: