Security Test: Headers¶
Description¶
Default Severity:
Sometimes web apps don’t set security headers correctly, which can open the door for various problems. For example, if cache settings aren’t defined, sensitive data might be stored on a user’s device and potentially seen by others. Not specifying a content type or allowing browsers to guess it can lead to dangerous misinterpretations of data, potentially letting malicious content execute in an unexpected way. Without enforcing HTTPS strictly, connections might be unencrypted, exposing data in transit. Similarly, cookies that lack secure or HttpOnly flags can be intercepted or accessed by scripts, making session theft easier. Also, when servers reveal their version details in response headers, attackers can use this information to target known vulnerabilities. Developers need to be careful not to overlook these headers, as their improper setup can significantly increase a system’s risk profile.
Reference:
- https://owasp.org/www-community/Security_Headers
- https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching
- https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html
- https://www.tenable.com/plugins/was/98618s
Configuration¶
Identifier:
protocol/headers
Examples¶
All configuration available:
Compliance and Standards¶
| Standard | Value |
|---|---|
| OWASP API Top 10 | API2:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 6.5.10 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| PSD2 | Article-95 |
| ISO 27001 | A.14.2 |
| NIST | SP800-52 |
| FedRAMP | SC-28 |
| CWE | 200 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C |
| CVSS Score | 5.1 |