News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

Information Disclosure - Sensitive Information in URL

'Information Disclosure - Sensitive Information in URL' is a vulnerability that occurs when sensitive information is transmitted via a URL, which can then be accessed by unauthorized parties.

Vulnerabilities

Information Disclosure - Debug Error Messages

Information disclosure through debug error messages is a common vulnerability that can be exploited by attackers to gain sensitive information about your web application such as file paths, database queries, and user credentials.

Vulnerabilities

X-Content-Type-Options Header Missing

The 'X-Content-Type-Options Header Missing' vulnerability is a common security issue in web applications. This vulnerability arises when a web server doesn't set the 'X-Content-Type-Options' header in its response, allowing attackers to perform content-type sniffing attacks.

Vulnerabilities

X-Frame-Options Setting Malformed

If the X-Frame-Options header is not set correctly, it can lead to a vulnerability called "X-Frame-Options Setting Malformed." This vulnerability can be exploited by attackers to load the web page in a frame or iframe, which can lead to clickjacking attacks.

Vulnerabilities

X-Frame-Options Defined via META (Non-compliant with Spec)

The X-Frame-Options HTTP response header is designed to prevent clickjacking attacks. The vulnerability 'X-Frame-Options Defined via META (Non-compliant with Spec)' means that the X-Frame-Options header is being set using the 'meta' tag instead of the HTTP response header. This method can easily be bypassed by an attacker.

Vulnerabilities

Multiple X-Frame-Options Header Entries

The 'Multiple X-Frame-Options Header Entries' vulnerability occurs when a web application sends multiple X-Frame-Options headers with different values in the response. This can make your web application vulnerable to clickjacking attacks.

Vulnerabilities