News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

Missing Anti-clickjacking Header

One way to protect your web application against clickjacking attacks is to add an anti-clickjacking header to your HTTP responses. If your vulnerability scanner has identified a missing anti-clickjacking header, it means that your website is not currently protected against clickjacking attacks.

Vulnerabilities

Anti-clickjacking Header

Anti-clickjacking is a security mechanism that protects web applications from clickjacking attacks. If your web application has been flagged for an Anti-clickjacking Header vulnerability, it means that your application is not sending the appropriate HTTP response headers to protect against clickjacking attacks.

Web Browser XSS Protection Not Enabled

Cross-site scripting (XSS) is a type of attack in which an attacker injects malicious code into a website, and that code is then executed by a victim's web browser. The attack occurs when the website fails to properly validate user input, allowing the attacker to execute arbitrary code.

Vulnerabilities

Re-examine Cache-control Directives

The 'Re-examine Cache-control Directives' vulnerability is a common issue found in web applications that use caching to improve website performance. When not configured correctly, caching can expose sensitive information, compromise user privacy, or even result in a full website compromise.

Vulnerabilities

Vulnerable JS Library

'Vulnerable JS Library' is a common security issue that occurs when a web application uses outdated or unpatched JavaScript libraries. Cybercriminals exploit the vulnerabilities in these libraries to gain access to sensitive data or cause damage to the application.

Vulnerabilities

Referer Exposes Session ID

The 'Referer Exposes Session ID' vulnerability is a type of security flaw that can allow an attacker to hijack a user's session by exploiting the Referer header in HTTP requests.

Vulnerabilities