News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

X-Frame-Options Header Not Set

The X-Frame-Options header is not included in the HTTP response, so the page can be embedded in a frame on an attacker's site and used in clickjacking attacks. Send X-Frame-Options: DENY (or SAMEORIGIN), or the Content-Security-Policy frame-ancestors directive that supersedes it.

Vulnerabilities

Content-Type Header Missing

The Content-Type Header Missing finding is raised when a web application returns a response without a Content-Type header, or with one that does not state the correct MIME type. The browser then guesses the type by sniffing the content, so a response that was meant to be plain text or a download can be interpreted as HTML or JavaScript, and attacker-influenced content in it may execute. Always set an accurate Content-Type (with a charset for text types) and add X-Content-Type-Options: nosniff so browsers honour it instead of guessing.

Vulnerabilities

Cross-Domain JavaScript Source File Inclusion

Cross-Domain JavaScript Source File Inclusion occurs when your web application loads JavaScript files from a third-party domain. Such a script runs with the full privileges of your page, so if the external host is compromised, or the file is modified on the way to the browser, the attacker's code runs in your users' browsers and can take over the application. Host scripts yourself where possible, pin unavoidable third-party scripts with Subresource Integrity (SRI), and restrict allowed sources with a Content-Security-Policy script-src directive.

Vulnerabilities
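The SRI pinning mentioned above, as an added example written for this page rather than code from the scanner or from any project: the first function computes the integrity value a script tag needs, the second builds the tag, and the third mirrors the check the browser performs at load time, so you can see that a single appended byte makes the script fail verification. The script body is a constructed sample, and the CDN URL is a placeholder.

```python
# Added example (not part of the original article): generate and verify
# Subresource Integrity (SRI) values for a third-party script.
import base64
import hashlib

# Constructed sample: pretend this is the body of a script fetched from a CDN.
SAMPLE_SCRIPT = b"window.widget = function () { return 'hello'; };\n"

# Placeholder URL for illustration only.
SAMPLE_SRC = "https://cdn.example.net/widget.js"


def sri_hash(content: bytes, algorithm: str = "sha384") -> str:
    """Return an SRI value such as 'sha384-<base64 digest>' for the given bytes.

    The SRI spec only accepts SHA-256, SHA-384 and SHA-512; anything else is
    silently ignored by browsers, so refuse it here rather than emit a no-op."""
    if algorithm not in ("sha256", "sha384", "sha512"):
        raise ValueError("SRI only permits sha256, sha384 or sha512")
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, content: bytes) -> str:
    """Build a <script> tag pinned to `content`.

    crossorigin="anonymous" is required: without a CORS-enabled fetch the
    browser cannot read a cross-origin response body and will not run
    the integrity check."""
    return (
        f'<script src="{src}" integrity="{sri_hash(content)}" '
        f'crossorigin="anonymous"></script>'
    )


def verify_sri(integrity: str, content: bytes) -> bool:
    """Mirror of the browser-side check: does the fetched content match the
    pinned hash? Any change to the script, even one byte, fails the check."""
    algorithm, _, _expected = integrity.partition("-")
    try:
        return sri_hash(content, algorithm) == integrity
    except ValueError:
        return False


if __name__ == "__main__":
    tag = script_tag(SAMPLE_SRC, SAMPLE_SCRIPT)
    print(tag)
    pinned = sri_hash(SAMPLE_SCRIPT)
    print("unchanged script verifies:", verify_sri(pinned, SAMPLE_SCRIPT))
    print("tampered script verifies:", verify_sri(pinned, SAMPLE_SCRIPT + b"evil();"))
```

Regenerate the integrity value whenever the third-party file legitimately changes; a stale hash blocks the script entirely, which is the intended failure mode.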

Incomplete or No Cache-control Header Set

The Cache-Control header is missing or does not forbid caching, so the browser and any intermediate proxies may store the response. If the response contains sensitive data, a later user of a shared machine or shared proxy may retrieve it. Send Cache-Control: no-store on responses that carry sensitive content.

Vulnerabilities

Cookie Without Secure Flag

A cookie without the Secure attribute is sent over plain HTTP as well as HTTPS, so an attacker who can observe or redirect the traffic (a man-in-the-middle) can read it and hijack the session it represents. Set the Secure attribute on every cookie, in particular session cookies, so the browser only ever sends it over HTTPS.

Vulnerabilities

Cookie No HttpOnly Flag

When the HttpOnly attribute is not set, JavaScript on the page can read the cookie through document.cookie, so a cross-site scripting (XSS) payload can steal session cookies and send them to the attacker. HttpOnly makes the cookie invisible to script; it does not stop the XSS itself, but it removes the simplest way of turning it into session theft.

Vulnerabilities
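The six findings listed above are all checks on a single HTTP response, so here is an added example, written for this page and not the scanner's own code, that runs them over a raw response: a constructed weak response that triggers every finding, and a constructed hardened response that triggers none. The hostnames, cookie name and script URL are placeholders. The Cache-Control check takes the strict reading (anything short of no-store is flagged), which is an assumption about how the review scores that header.

```python
# Added example (not part of the original article): audit a raw HTTP
# response for the six header and cookie findings described above.
import re
from urllib.parse import urlparse

# Constructed sample: a response that exhibits all six findings.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "\r\n"
    '<html><script src="https://cdn.example.net/widget.js"></script></html>'
)

# Constructed sample: the same response with each finding fixed.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: DENY\r\n"
    "Content-Security-Policy: frame-ancestors 'none'\r\n"
    "Cache-Control: no-store\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
    '<html><script src="/static/widget.js"></script></html>'
)


def parse_response(raw: str):
    """Split a raw response into (headers, body). Header names are lower-cased
    and every value is kept in a list, because Set-Cookie legitimately repeats."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body


def cookie_attributes(set_cookie: str):
    """Return the lower-cased attribute names (secure, httponly, ...) of one
    Set-Cookie value; the first segment is the name=value pair itself."""
    parts = [p.strip() for p in set_cookie.split(";")[1:]]
    return {p.split("=", 1)[0].lower() for p in parts}


def audit(raw: str, own_host: str):
    """Return the list of findings for `raw`, served from `own_host`."""
    headers, body = parse_response(raw)
    findings = []

    # Clickjacking: X-Frame-Options or a CSP frame-ancestors directive will do.
    csp = " ".join(headers.get("content-security-policy", []))
    if "x-frame-options" not in headers and "frame-ancestors" not in csp:
        findings.append("X-Frame-Options Header Not Set")

    # No Content-Type means the browser sniffs, and may treat the bytes as
    # HTML or script.
    if "content-type" not in headers:
        findings.append("Content-Type Header Missing")

    # A script from another host runs with this page's full privileges.
    for src in re.findall(r'<script[^>]*\ssrc=["\']([^"\']+)["\']', body, re.I):
        host = urlparse(src).netloc
        if host and host != own_host:
            findings.append(f"Cross-Domain JavaScript Source File Inclusion ({host})")

    # Strict reading (assumption): anything short of no-store lets a browser
    # or shared proxy keep a copy of the response.
    cache = " ".join(headers.get("cache-control", [])).lower()
    if "no-store" not in cache:
        findings.append("Incomplete or No Cache-control Header Set")

    for cookie in headers.get("set-cookie", []):
        name = cookie.split("=", 1)[0]
        attrs = cookie_attributes(cookie)
        if "secure" not in attrs:
            findings.append(f"Cookie Without Secure Flag ({name})")
        if "httponly" not in attrs:
            findings.append(f"Cookie No HttpOnly Flag ({name})")
    return findings


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit(raw, "www.example.com") or ["no findings"])
```

The hardened response also carries X-Content-Type-Options: nosniff and SameSite=Lax, which the checks above do not score but which belong in the same fix.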