Header Scanner/EN: Unterschied zwischen den Versionen

Aus Siwecos
Wechseln zu: Navigation, Suche
Zeile 4: Zeile 4:
 
Unseen by the user, the header ([[Header|HTTP-Header Protokoll]]) of a website is exchanged between the [[Client]] and the [[Server]] for every query and response. The [[Header]] influences the behavior of the browser on the user side. Largely, these are handled independently of the queried [[Webanwendung|Webapplikation]] and are defined in the webserver configurations. The [[Header Scanner|HTTP-Security-Header-Scanner]] now allows you to examine the header ([[HTTP]]-Header) of your web application for insecure configurations. The scanner ([[Crawler]]) checks the information of the [[HTTP]]-header of your website and generates a report on any vulnerabilities found that could enable an attacker to execute attacks via faked sender IP addresses ([[IP-Spoofing|Spoofing]]).<br>
 
Unseen by the user, the header ([[Header|HTTP-Header Protokoll]]) of a website is exchanged between the [[Client]] and the [[Server]] for every query and response. The [[Header]] influences the behavior of the browser on the user side. Largely, these are handled independently of the queried [[Webanwendung|Webapplikation]] and are defined in the webserver configurations. The [[Header Scanner|HTTP-Security-Header-Scanner]] now allows you to examine the header ([[HTTP]]-Header) of your web application for insecure configurations. The scanner ([[Crawler]]) checks the information of the [[HTTP]]-header of your website and generates a report on any vulnerabilities found that could enable an attacker to execute attacks via faked sender IP addresses ([[IP-Spoofing|Spoofing]]).<br>
  
*[[Content-Security-Policy-Schwachstelle/EN|CONTENT-SECURITY-POLICY]]<br>
+
*[[Content-Security-Policy-Vulnerability/EN|CONTENT-SECURITY-POLICY]]<br>
*[[Content-Type-Nicht-Korrekt/EN|CONTENT-TYPE]]<br>
+
*[[Content-Type-Not-Correct/EN|CONTENT-TYPE]]<br>
 
* PUBLIC-KEY-PINS (HPKP is not currently under review)<br>
 
* PUBLIC-KEY-PINS (HPKP is not currently under review)<br>
<!--[[Public-Key-Pins-Deaktiviert/DE|PUBLIC-KEY-PINS]] (<span style="color:#c31622"><b>Achtung:</b></span> HPKP wird derzeit nicht überprüft)<br>-->
+
<!--[[Public-Key-Pins-Disabled/EN|PUBLIC-KEY-PINS]] (<span style="color:#c31622"><b>Achtung:</b></span> HPKP wird derzeit nicht überprüft)<br>-->
*[[Keine-Verschluesselung-Gefunden/EN|STRIKT-TRANSPORT-SECURITY]]<br>
+
*[[No-Encryption-Found/EN|STRIKT-TRANSPORT-SECURITY]]<br>
*[[X-Content-Type-Options-Schwachstelle/EN|X-CONTENT-TYPE-OPTIONS]]<br>
+
*[[X-Content-Type-Options-Vulnerability/EN|X-CONTENT-TYPE-OPTIONS]]<br>
*[[X-Frame-Options-Schwachstelle/EN|X-FRAME-OPTIONS]]<br>
+
*[[X-Frame-Options-Vulnerability/EN|X-FRAME-OPTIONS]]<br>
 
*[[XSS-Schwachstelle/EN|X-XSS-PROTECTION]]
 
*[[XSS-Schwachstelle/EN|X-XSS-PROTECTION]]

Version vom 20. August 2018, 12:02 Uhr

HTTP-Security-Header-Scanner

Unseen by the user, the header (HTTP-Header Protokoll) of a website is exchanged between the Client and the Server for every query and response. The Header influences the behavior of the browser on the user side. Largely, these are handled independently of the queried Webapplikation and are defined in the webserver configurations. The HTTP-Security-Header-Scanner now allows you to examine the header (HTTP-Header) of your web application for insecure configurations. The scanner (Crawler) checks the information of the HTTP-header of your website and generates a report on any vulnerabilities found that could enable an attacker to execute attacks via faked sender IP addresses (Spoofing).