Vulnerabilities

X-Frame-Options Header Not Set

X-Frame-Options header is not included in the HTTP response to protect against ‘ClickJacking’ attacks.

Summary

X-Frame-Options header is not included in the HTTP response to protect against ‘ClickJacking’ attacks.

Risk

Medium

Solution

Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site (if you expect the page to be framed only by pages on your server (e.g., it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively, consider implementing Content Security Policy's 'frame-ancestors' directive.

References

Achieve SOC2 Compliance

We make your startup SOC2 compliant by implementing and managing the required security controls for you.

Get Started

Latest Articles

View All Articles

XZ Utils Vulnerability in Linux (CVE-2024-3094)

A critical vulnerability (CVE-2024-3094) was discovered in the widely used XZ Utils library, a data compression suite present in most Linux distributions. This vulnerability stemmed from malicious code injected by a compromised maintainer.

Vulnerabilities
 min read

Permissions Policy Header Not Set

One often overlooked web application security aspect is the Permissions Policy Header, a crucial mechanism to control various browser features and APIs that might pose risks to your web application's security. In this blog, we'll delve into the significance of setting the Permissions Policy Header, explore real-life examples of its vulnerabilities, and provide actionable mitigation strategies with code samples.‍

Vulnerabilities
3
 min read

Cloud Metadata Potentially Exposed

One critical web application vulnerability that continues to pose a significant threat is the exposure of cloud metadata. Cloud metadata can be exploited by attackers to gain unauthorized access and potentially compromise the entire system. In this blog, we will explore real-life examples of cloud metadata exposure and provide detailed mitigation guidelines, including code samples, to help you safeguard your web applications.

Vulnerabilities
 min read