Web Security Knowledge Base

ScanRepeat web application security tests (detailed list of security alerts raised by our scanner)

Top Global Security Issues in the last 30 days (most common security issues found by us globally, updated daily)

Security Vulnerabilities Identified in Software Products (most common security vulnerabilities occurrences)

Security Vulnerabilities Explained (how to identify, exploit and fix)

Timestamp Disclosure - Unix

Cross-Domain JavaScript Source File Inclusion

Absence of Anti-CSRF Tokens

User Controllable HTML Element Attribute (Potential XSS)

Reverse Tabnabbing

X-Frame-Options Header Not Set

Information Disclosure - Suspicious Comments

Server Leaks Version Information via "Server" HTTP Response Header Field

Private IP Disclosure

X-Content-Type-Options Header Missing

Cookie Without SameSite Attribute

Strict-Transport-Security Header Not Set

Content Security Policy (CSP) Header Not Set

Vulnerable Version of the Library ‘jquery’ Found

Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)

Web Browser XSS Protection Not Enabled

Cookie No HttpOnly Flag

Incomplete or No Cache-control and Pragma HTTP Header Set

X-AspNet-Version Response Header Scanner

CSP Scanner: Wildcard Directive

Loosely Scoped Cookie

Cross-Domain Misconfiguration

Retrieved from Cache

User Agent Fuzzer

Anti CSRF Tokens Scanner

Proxy Disclosure

CSP Scanner: Notices

CSP Scanner: style-src unsafe-inline

Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)

CSP Scanner: script-src unsafe-inline

Charset Mismatch (Header Versus Meta Charset)

Charset Mismatch

Cookie Slack Detector

Content Security Policy (CSP) Report-Only Header Found

Strict-Transport-Security Disabled

Multiple X-Frame-Options Header Entries

Viewstate without MAC Signature (Unsure)

Information Disclosure - Sensitive Information in URL

Vulnerable Version of the Library ‘bootstrap’ Found

Hash Disclosure - Mac OSX salted SHA-1

Apache Range Header DoS (CVE-2011-3192)

Application Error Disclosure

Cookie Poisoning

Cross Site Scripting (Reflected)

External Redirect

HTTPS to HTTP Insecure Transition in Form Post

Insecure HTTP Method

Relative Path Confusion

Remote Code Execution - Shell Shock

Secure Pages Include Mixed Content

Session ID Expiry Time/Max-Age is Excessive

Session ID in URL Rewrite

Session ID Transmitted Insecurely

Trace.axd Information Leak

X-Frame-Options Setting Malformed

Potential IP Addresses Found in the Viewstate

Directory Browsing - Apache 2

HTTPS Content Available via HTTP

Information Disclosure - Debug Error Messages

Content-Type Header Missing

Session ID Cookie Accessible to JavaScript

Big Redirect Detected (Potential Sensitive Information Leak)

Session Fixation

Possible Username Enumeration
