Web Security Knowledge Base

ScanRepeat web application security tests (detailed list of security alerts raised by our scanner)

Top Global Security Issues in the last 30 days (most common security issues found by us globally, updated daily)

Security Vulnerabilities Explained (how to identify, exploit and fix)

Timestamp Disclosure - Unix

Cross-Domain JavaScript Source File Inclusion

Absence of Anti-CSRF Tokens

User Controllable HTML Element Attribute (Potential XSS)

Reverse Tabnabbing

X-Frame-Options Header Not Set

Information Disclosure - Suspicious Comments

Server Leaks Version Information via "Server" HTTP Response Header Field

Private IP Disclosure

X-Content-Type-Options Header Missing

Cookie Without SameSite Attribute

Strict-Transport-Security Header Not Set

Content Security Policy (CSP) Header Not Set

Vulnerable Version of the Library ‘jquery’ Found

Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)

Web Browser XSS Protection Not Enabled

Cookie No HttpOnly Flag

Incomplete or No Cache-control and Pragma HTTP Header Set

X-AspNet-Version Response Header Scanner

CSP Scanner: Wildcard Directive

Loosely Scoped Cookie

Cross-Domain Misconfiguration

Retrieved from Cache

User Agent Fuzzer

Anti CSRF Tokens Scanner

Proxy Disclosure

CSP Scanner: Notices

CSP Scanner: style-src unsafe-inline

Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)

CSP Scanner: script-src unsafe-inline

Charset Mismatch (Header Versus Meta Charset)

Charset Mismatch

Cookie Slack Detector

Content Security Policy (CSP) Report-Only Header Found

Strict-Transport-Security Disabled

Multiple X-Frame-Options Header Entries

Viewstate without MAC Signature (Unsure)

Information Disclosure - Sensitive Information in URL

Vulnerable Version of the Library ‘bootstrap’ Found

Hash Disclosure - Mac OSX salted SHA-1
