Web Asset Scanning & Rating
Cyberfame helps to identify potential security risks and vulnerabilities in a website's software assets. For Web Asset Scanning & Rating we use the following rating criteria.
- 1.What is being tested?
The CSP test evaluates the effectiveness of Content Security Policies on websites, assessing if a policy is in place and properly configured to counter attacks like cross-site scripting (XSS) and data injection. Examples of risks that a CSP can help mitigate include:
- XSS attacks, block malicious code execution from untrusted sources.
- Data exfiltration, restricting data transmission to external locations by limiting network requests to trusted domains.
- Clickjacking, preventing hidden button or link execution by obstructing content from untrusted sources.
- Resource loading attacks, thwarting malicious code from loading additional resources by disallowing network requests to untrusted domains.
- Malvertising, stopping the execution of malicious code in ads on vulnerable websites by blocking scripts from untrusted sources.
- 2.What are the benefits of having that respective aspect covered?
- Limitation of data exfiltration, reducing the risk of unauthorized data access.
- Detection of code injection attempts, offering reports of policy violations.
- Increased user trust, demonstrating a commitment to maintaining secure and up-to-date software.
- 3.What problems can occur if that aspect is neglected?
Neglecting an effective CSP can lead to significant risks:
- Increased susceptibility to XSS attacks, data breaches, and unauthorized access to sensitive information.
- Compromised system integrity, making recovery from security incidents or prevention of future attacks more challenging.
- Damaged project reputation, user trust, and potential financial losses or legal consequences.
- 1.What is being tested?
The Contribute.json test examines the presence and quality of a Contribute.json file on a website. This file adheres to a standardized JSON schema containing critical information about a project's contribution process, including contact information, license details, code repository, and contribution guidelines. Risks associated with not having a Contribute.json file or having incomplete or incorrect information include:
- Ambiguity surrounding the contribution process leads to reduced collaboration and engagement.
- Security risks are due to inadequate guidelines, potentially allowing malicious code or insecure contributions.
- 2.What are the benefits of having that respective aspect covered?
Addressing these risks provides several advantages:
- Improved user trust by maintaining transparent guidelines and a commitment to open collaboration.
- Enhanced security by ensuring contributions adhere to safe and secure practices, protecting users from potential harm.
- Increased engagement and collaboration by offering clear, structured instructions on contribution procedures.
- 3.What problems can occur if that aspect is neglected?
Neglecting this aspect could result in:
- Inconsistency about how to contribute to a project, hindering collaboration and engagement .
- Introduction of security risks and other issues due to unclear or inconsistent contribution guidelines.
- 1.What is being tested?
The Cookies test scrutinizes a website's cookie security, focusing on aspects such as secure and HTTP-only flags, expiration times, path and domain attributes, and cookie-related headers like the Set-Cookie header. The test also examines SameSite attribute support and the use of secure channels for transmitting cookies. Risks and vulnerabilities tied to insufficient cookie security include:
- Session hijacking: Attackers exploit stolen session cookies to access sensitive data or perform unauthorized actions.
- Cross-site scripting (XSS) and cross-site request forgery (CSRF): Malicious code injection allows attackers to steal cookies or carry out actions on the user's behalf.
- Information disclosure and cookie theft: Sensitive data within cookies can be intercepted or leaked.
- 2.What are the benefits of having that respective aspect covered?
Addressing these risks offers several advantages:
- Enhanced security: Proper cookie management protects sensitive data and prevents unauthorized access.
- Improved user trust: Strong security measures demonstrate a commitment to privacy and security, fostering trust.
- Compliance with regulations: Compliance with data protection regulations, such as the GDPR, requires robust security measures.
- Optimized website performance and protection against attacks: Proper cookie use improves website performance and safeguards against various threats.
- 3.What problems can occur if that aspect is neglected?
Neglecting cookie security may lead to:
- Compromised user accounts and stolen personal information, damaging the website or organization's reputation.
- Legal consequences and penalties for non-compliance with data protection regulations.
- Weakened website performance and user experience due to suboptimal cookie use.
- 1.What is being tested?
The CORS test evaluates a website's implementation of Cross-Origin Resource Sharing (CORS) policies. This web security mechanism enables web pages from one domain to request resources from another domain securely. The test checks for potential issues such as:
- Allowing all origins (*)
- Granting access to untrusted domains
- Permitting overly permissive access control settings
- 2.What are the benefits of having that respective aspect covered?
Properly implementing CORS policies offers several benefits:
- Improved security: By configuring CORS policies correctly, website owners can prevent unauthorized access to sensitive resources and data, reducing the risk of data breaches and security incidents.
- Protection of user data: CORS policies help protect user data, such as cookies and session tokens, from unauthorized access or theft.
- Enhanced user trust: Websites that implement secure CORS policies can build trust among users, who may be more likely to continue using the website if they feel their data is safe and secure.
- Compliance with industry standards: Many industry standards, such as the Payment Card Industry Data Security Standard (PCI DSS), require secure implementation of CORS policies.
- 3.What problems can occur if that aspect is neglected?
Neglecting CORS policies can lead to:
- Unauthorized access to sensitive resources and data, results in data breaches and theft of sensitive information.
- Reputational damage, legal or regulatory penalties, and financial losses.
- Undermined user trust and confidence in the website's services, leading to decreased traffic and revenue.
- 1.What is being tested?
The HPKP test gauges a website's implementation of HTTP Public Key Pinning (HPKP), which dictates that website visitors establish connections only with servers owning specific public keys. HPKP aims to thwart Man-in-the-Middle (MitM) attacks where malicious entities intercept client-server traffic and manipulate it. However, HPKP is deprecated and Certificate Transparency (CT) and HTTP Strict Transport Security (HSTS) are recommended as alternatives.
- 2.What are the benefits of having that respective aspect covered?
Ensuring proper implementation of HPKP (or its alternatives) yields benefits such as:
- Strengthened website security: Increased defense against MitM attacks.
- Heightened user trust: Demonstrated commitment to website security, fostering visitor confidence.
- Compliance with industry standards: Adherence to web security best practices.
- 3.What problems can occur if that aspect is neglected?
Failing to address HPKP or its alternatives can lead to:
- MitM attacks: Heightened risk of compromised sensitive data.
- Security vulnerabilities: Compromised website security and potential loss of user data.
- Eroded reputation: Diminished user trust in the website and its services.
- Compliance issues: Failure to meet industry standards and best practices for web security.
- 1.What is being tested?
The HTTP redirection test scrutinizes a website's redirection mechanism, analyzing the redirect chain for any insecure or malicious redirects and potential mixed content warnings. This assessment seeks to ensure that visitors are not redirected to harmful destinations and that website security remains uncompromised.
- 2.What are the benefits of having that respective aspect covered?
Addressing redirection risks yields benefits such as:
- Heightened user trust: Demonstrated commitment to security and reliability.
- Compliance with industry standards: Adherence to web security best practices.
- 3.What problems can occur if that aspect is neglected?
Neglecting the HTTP redirection test can lead to:
- Phishing attacks: Increased risk of redirection to malicious websites.
- Compromised website security: Potential loss of sensitive information.
- Eroded reputation: Loss of user trust in the website and its services.
- Compliance issues: Failure to meet industry standards and best practices for web security.
- 1.What is being tested?
The referrer-policy test examines a website's implementation of the Referrer-Policy header, assessing its efficacy in managing the information shared in the HTTP referrer header when users navigate to another site. Addressing identified risks, vulnerabilities, and issues can bolster security, user trust, and other pertinent factors while reducing the risk of information leakage, data breaches, and cybercrime.
- 2.What are the benefits of having that respective aspect covered?
- Enhanced overall security: Reducing information leakage, data breaches, and cybercrime risks.
- Greater user trust: Demonstrating user privacy protection and data confidentiality.
- Improved compliance: Adhering to industry standards and best practices for web security.
- 3.What problems can occur if that aspect is neglected?
Neglecting proper referrer-policy configuration can lead to:
- Information leakage: Revealing sensitive user browsing behavior data.
- CSRF attacks: Increased vulnerability to CSRF attacks, enabling unauthorized actions.
- Privacy violations: Exposing sensitive information about the user's identity or location.
- Non-compliance: Failing to adhere to industry standards and best practices, damaging reputation and trustworthiness.
- 1.What is being tested?
The HTTP Strict Transport Security (HSTS) test evaluates a website's implementation of the HSTS header within its HTTP response. By mandating HTTPS connections, HSTS ensures encrypted communication between client and server, thereby enhancing security, user trust, and compliance with industry standards.
- 2.What are the benefits of having that respective aspect covered?
- Strengthened security: Encrypted connections protect sensitive user data from interception and eavesdropping.
- Downgrade attack prevention: HSTS thwarts attempts to downgrade connections from HTTPS to HTTP.
- Compliance: Adherence to industry standards, including OWASP Top Ten and PCI DSS, bolsters the website's reputation and trustworthiness.
- 3.What problems can occur if that aspect is neglected?
Failure to properly configure HSTS can lead to:
- Man-in-the-middle attacks: Unencrypted connections expose sensitive information, such as login credentials and financial data, to interception.
- Session hijacking: Attackers can seize control of user accounts and execute unauthorized actions.
- Traffic tampering: Malicious actors can manipulate unencrypted traffic, injecting malware or redirecting users to phishing sites.
- Non-compliance: Neglecting HSTS implementation may result in non-adherence to industry standards, damaging the website's reputation and trustworthiness.
- 1.What is being tested?
The Subresource Integrity (SRI) test assesses a website's implementation of SRI, a security feature that verifies the integrity of third-party resources loaded by the website to prevent tampering and exploitation. Proper SRI configuration strengthens overall security, enhances user trust, and adheres to industry standards.
- 2.What are the benefits of having that respective aspect covered?
- Enhanced security: SRI mitigates risks of third-party resource tampering, supply chain attacks, and XSS attacks, fortifying a website's security.
- Improved user trust: With SRI, users can be confident that the website's resources are untampered, ensuring data protection.
- Compliance: SRI implementation aligns with industry standards and best practices for web security, bolstering the website's reputation.
- 3.What problems can occur if that aspect is neglected?
Neglecting SRI configuration can lead to:
- Third-party resource tampering: Attackers can manipulate resources such as scripts, stylesheets, and images, injecting malicious code that compromises user data and redirects users to phishing sites.
- Supply chain attacks: Compromised third-party resources can grant attackers access to a website's infrastructure, allowing them to steal sensitive information or propagate malware.
- Cross-site scripting (XSS) attacks: Malicious code injected into third-party resources can result in XSS attacks, wherein user data is compromised and unauthorized actions are executed.
- Non-compliance: Failure to implement SRI can breach industry standards and best practices, damaging the website's trustworthiness.
- 1.What is being tested?
The X-Content-Type-Options test evaluates a website's implementation of the X-Content-Type-Options header, a security feature that thwarts MIME sniffing attacks. Proper configuration enhances overall security, boosts user trust, and complies with industry standards.
- 2.What are the benefits of having that respective aspect covered?
A well-configured X-Content-Type-Options header provides:
- Enhanced security: The header prevents MIME sniffing and XSS attacks, bolstering a website's security.
- Improved user trust: With proper MIME type declarations, the header ensures user trust and protects data from theft or misuse.
- Compliance: Adherence to industry standards and best practices in web security reinforces a website's reputation.
- 3.What problems can occur if that aspect is neglected?
Neglecting X-Content-Type-Options header configuration can lead to:
- MIME sniffing attacks: Attackers exploit MIME type detection vulnerabilities to execute malicious code, compromising user data and redirecting users to phishing sites.
- Cross-site scripting (XSS) attacks: MIME sniffing vulnerabilities allow attackers to inject malicious code into a webpage, enabling XSS attacks that steal user data and execute unauthorized actions.
- Non-compliance: Failure to implement the X-Content-Type-Options header breaches industry standards and best practices, harming a website's trustworthiness.
- 1.What is being tested?
The X-Frame-Options test examines a website's HTTP response to ensure the proper inclusion of the X-Frame-Options security header, which safeguards against clickjacking attacks. Proper configuration can bolster overall security, increase user trust, and adhere to industry standards.
- 2.What are the benefits of having that respective aspect covered?
A correctly configured X-Frame-Options header provides:
- Protection against clickjacking: Proper settings shield users from clickjacking attacks, where attackers manipulate transparent iframes to hijack clicks.
- Enhanced security: The header ensures that a site's content displays only in trusted contexts, preventing unauthorized access or data theft.
- Increased user trust: Users gain confidence in a site's security measures when it mitigates vulnerabilities and adheres to best practices.
- 3.What problems can occur if that aspect is neglected?
Neglecting the X-Frame-Options header can result in:
- exposesClickjacking attacks: Absent or improper settings leave users vulnerable to clickjacking, which can lead to data theft or unauthorized actions.
- Compromised security: Insecure application displays risk injection of malicious code and expose sensitive data.
- Reduced user trust: Unaddressed vulnerabilities tarnish a service's reputation and undermine user confidence.
- 1.What is being tested?
The X-XSS-Protection test evaluates the implementation of the X-XSS-Protection header, a security measure designed to defend against cross-site scripting (XSS) attacks by activating built-in browser filtering mechanisms. The test ensures appropriate configuration, enhancing security and adhering to industry standards.
- 2.What are the benefits of having that respective aspect covered?
Implementing a properly configured X-XSS-Protection header provides:
- Strengthened security: This header deters XSS attacks and reduces the risk of data breaches or other incidents.
- Enhanced user trust: Mitigating vulnerabilities preserves user confidence in a site's security measures.
- 3.What problems can occur if that aspect is neglected?
Neglecting the X-XSS-Protection header may result in:
- Vulnerability to XSS attacks: Absent or incorrect configuration can expose sensitive data and enable malware installation.
- Damage to reputation: Security breaches harm a website's credibility.
- Legal or regulatory consequences: Inadequate security may lead to penalties or sanctions.