Security Test: Header leak¶

Description¶

Default Severity:

When a web server gives away details about its inner workings in its HTTP headers, it offers a roadmap for attackers. Essentially, key information like which server or framework is in use can inadvertently help hackers target known weaknesses in those technologies. Developers often overlook default settings that automatically include this data or forget to remove it during deployment, which can leave the application more vulnerable to tailored attacks if an issue arises later on.

Reference:

https://owasp.org/www-community/Security_Headers
- https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching
- https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html

Configuration¶

Identifier: protocol/header_leak

Examples¶

All configuration available:

checks:
  protocol/header_leak:
    skip: false # default

Compliance and Standards¶

Standard	Value
OWASP API Top 10	API7:2023
OWASP LLM Top 10	LLM06:2023
PCI DSS	`2.2.5`
GDPR	`Article-32`
SOC2	`CC1`
PSD2	`Article-95`
ISO 27001	`A.18.1`
NIST	`SP800-53`
FedRAMP	`AC-6`
CWE	`200`
CVSS Vector	`AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N`
CVSS Score	`5.3`