
Commit ef8a2b4

committed
IRL Web
1 parent c85fb80 commit ef8a2b4

3 files changed

+36
-112
lines changed

Protocols/3306 - MySQL.md

Lines changed: 0 additions & 112 deletions
This file was deleted.

Protocols/80, 443 - Web/Website Enumeration.md

Lines changed: 3 additions & 0 deletions
@@ -78,6 +78,7 @@ wpscan --url <url> -e ap,at,dbe,u
7878

7979
# Related Attacks and Services list
8080
This is for the **Graph View** of Obsidian
81+
## Attacks and tools
8182
- [[CRLF]]
8283
- [[CSRF]]
8384
- [[File Inclusions]]
@@ -88,3 +89,5 @@ This is for the **Graph View** of Obsidian
8889
- [[SSRF]]
8990
- [[WebDav]]
9091
- [[XSS]]
92+
## Misc
93+
- [[Web| Real Life Web Flags]]
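Review bot: the alias in `- [[Web| Real Life Web Flags]]` has a stray space after the pipe, so the display text may render with a leading space; `[[Web|Real Life Web Flags]]` is the cleaner form. Note also that `[[Web]]` resolves to the new `Real-life Thinking/Web.md` only while that basename is unique in the vault; if another `Web` note is ever added, the link will need the full path (`[[Real-life Thinking/Web|Real Life Web Flags]]`).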

Real-life Thinking/Web.md

Lines changed: 33 additions & 0 deletions
@@ -0,0 +1,33 @@
1+
2+
# HTTP Headers
3+
- Is the app missing the following headers, if so, flag it:
4+
- [ ] **Strict-Transport-Security (HSTS)**: Tells the browser to only use HTTPS.
5+
- `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
6+
- if `max-age` is more than **31536000** (1 year), flag it.
7+
- [ ] **X-Frame-Options**: Stops the app from being loaded into an `i-frame` element.
8+
- [ ] **X-Permitted-Cross-Domain-Policies** : Tells old versions of Adobe clients where to load cross-domain policy file from.
9+
- `X-Permitted-Cross-Domain-Policies: none`
10+
- [ ] **Cache-Control**: Used to tell the app not to store HTTPS response in the cache.
11+
- `Cache-control: no-set` or `Pragma: no-cache`
12+
- [ ] **Content-Security-Policy**: Helps to filter XSS or clickjacking attacks.
13+
- `Content-Security-Policy: nosniff
14+
- [ ] **Access-Control-Allow-Origin (CORS)**: This header indicates whether the response it is related to can be shared with requesting code from the given origin
15+
- [ ] If set, don't use wildcard, otherwise, remove.
16+
17+
- Does the app have the following in place, if so, flag and disable it:
18+
- [ ] **X-Powered-By**: Tells attackers the vendor of the site.
19+
- [ ] **Sever**: Shows the server name.
20+
- [ ] **X-AspNet-Version**: Provides information about the .NET version of the site.
21+
22+
# SSL/TLS
23+
*Test for these with `sslscan` or `testssl`*
24+
- [ ] Deprecated TLS versions supported: Do they support TLS version 1.2 or before?
25+
- [ ] Do they use weak cipher suites?
26+
27+
# Cookie Attributes
28+
*Are these set? If not, flag it.*
29+
- [ ] `Secure`
30+
- [ ] `HTTPOnly`
31+
32+
# References
33+
- [https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.htms](https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html)
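Review bot: the HSTS `max-age` check on line 6 is inverted and several of the header values on this page are wrong, so the checklist would produce false findings as written. `max-age` should be flagged when it is less than 31536000 (one year), not more. `Cache-control: no-set` on line 11 is not a directive; the header that prevents response storage is `Cache-Control: no-store`. Line 13, `Content-Security-Policy: nosniff`, mixes two headers: `nosniff` is the value of `X-Content-Type-Options`, while CSP takes source directives such as `default-src 'self'` (the line is also missing its closing backtick). Under SSL/TLS, "TLS version 1.2 or before" on line 24 would flag TLS 1.2, which is still current; the deprecated versions are SSLv2/v3 and TLS 1.0/1.1, so "TLS 1.1 or earlier" is the intended check. Smaller fixes: `i-frame` should read `iframe` (line 7), `Sever` should read `Server` (line 19), `HTTPOnly` is canonically `HttpOnly` (line 30), and the reference's link text ends in `.htms` while the URL it points at ends in `.html` (line 33).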
