426 matches found
Legal Robot: AWS S3 website can't serve security headers, may allow clickjacking
Security researcher discovered that our AWS S3 website was not serving some basic security headers like X-Frame-Options. We resolved the issue by putting nginx in front of our AWS S3 website and adding header directives. Fixed security headers can be verified here: https://schd.io/zt...
Deriv.com: Http Response Splitting - Validate link
So i found a http response splitting issue in your website. If we visit the following url: https://www.binary.com/user/validatelink?step=account&verifytoken=sometoken We will get a response header that says: Set-Cookie: verifytoken=sometoken; expires=Wed, 28 Oct 2015 23:31:35 GMT;...
Coinbase: OAuth authorization page vulnerable to clickjacking
Due to a misconfiguration, the 'authorize' button on the OAuth authorization page was vulnerable to clickjacking. The bug was fixed by ensuring our OAuth-related responses included the same security headers including X-Frame-Options as the rest of the site...
Legal Robot: Missing security headers, possible clickjacking
Security researcher discovered missing headers, including x-frame-options and content-security-policy...
RAWR - Rapid Assessment of Web Resources
Features A customizable CSV containing ordered information gathered for each host, with a field for making notes/etc. An elegant, searchable, JQuery-driven HTML report that shows screenshots, diagrams, and other information. A report on relevent security headers, courtesy of SmeegeSec. a CSV Thre...
RAWR – Rapid Assessment of Web Resources
RAWR is designed to make the process of web enumeration easy and efficient by providing pertinent information in usable formats. It uses NMaplive or from file, Metasploit, Qualys, Nexpose, or Nessus scan data to target web services for enumeration, then visits each host on each port with an...