
Epic #51

Updated by rashmita rout about 1 month ago

1. Clickjacking:-
Prevent the browser from loading the page in a frame by sending the X-Frame-Options header or a Content-Security-Policy header with a frame-ancestors directive.

2. Clear text password submission:-
Ensure that user passwords are never transmitted, processed, or stored in cleartext: enforce strong cryptographic hashing at rest, encrypted transport (TLS) in transit, and secure cookie handling for the resulting session.
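An added example of the two server-side halves of this item (not code from the Epic #51 ticket): passwords are stored as a salted PBKDF2-HMAC-SHA256 hash and verified with a constant-time compare, and the session cookie is emitted with the Secure, HttpOnly and SameSite attributes. The iteration count and the storage format `pbkdf2_sha256$<iterations>$<salt>$<hash>` are assumptions for this example; transport encryption itself is the TLS configuration's job and is not shown.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumption for this example: an OWASP-style iteration count for PBKDF2-HMAC-SHA256.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' for storage.

    The cleartext password never leaves this function; only the salted hash is stored.
    """
    salt = salt or os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False  # malformed record: refuse rather than guess
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # hmac.compare_digest avoids leaking where the first mismatching byte is.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def session_cookie(name: str, value: str) -> str:
    """Set-Cookie value for the session: Secure (TLS only), HttpOnly (no script
    access), SameSite=Strict (not sent on cross-site requests)."""
    return f"{name}={value}; Path=/; Secure; HttpOnly; SameSite=Strict"
```

`verify_password` treats an unparseable or foreign-algorithm record as a failed login instead of raising, so a corrupted row cannot turn into an error page (see item 3) or an accidental bypass.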

3. Improper Error handling:-
Prevent leakage of internal system details through error messages.

Customizing error messages to carry limited information strikes a balance between telling users that something went wrong and keeping the interface usable, while safeguarding sensitive technical details.

Disabling or limiting detailed error handling means configuring the system so that it does not display intricate technical information, such as debug output, stack traces, or file paths, to end users.
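An added example of the pattern described above (not code from the Epic #51 ticket): a boundary handler that catches any exception, writes the full traceback to the server log under a short reference id, and returns only a generic message plus that id to the client. The handler and the `debug` flag are assumptions for this example; the sample error is constructed.

```python
import logging
import traceback
import uuid

logger = logging.getLogger("app.errors")

GENERIC_MESSAGE = (
    "An internal error occurred. Please contact support and quote the reference id."
)


def safe_error_response(exc: BaseException, debug: bool = False) -> dict:
    """Build the client-facing error body.

    The traceback (which carries file paths, line numbers and often data values)
    goes to the log only. It is echoed to the client solely when debug=True,
    which must never be the case in production.
    """
    ref = uuid.uuid4().hex[:12]
    details = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
    logger.error("ref=%s %s", ref, details)
    body = {"error": GENERIC_MESSAGE, "reference": ref}
    if debug:
        body["details"] = details
    return body


def handle_request(handler, debug: bool = False):
    """Run a request handler; convert any exception into a (status, body) pair."""
    try:
        return 200, handler()
    except Exception as exc:  # last-resort catch at the application boundary
        return 500, safe_error_response(exc, debug=debug)


def failing_handler():
    # Constructed sample: a failure whose message embeds an internal file path.
    raise RuntimeError("could not open /var/lib/app/secrets/db.conf")
```

Support staff correlate the reference id the user quotes with the log entry, so the operator still gets the stack trace and path while the browser only ever sees the generic text.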

4. Lack of Security Headers:-
Implement security headers such as X-XSS-Protection, Content-Security-Policy, Referrer-Policy, X-Content-Type-Options, Permiss
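An added example covering item 4 together with the clickjacking header in item 1 (not code from the Epic #51 ticket): a weak header set beside a hardened one, and a small audit function that reports which of the required headers are missing or carry a weak value. Representing responses as plain dicts is an assumption for this example, and the policy values are a starting point rather than a tuned configuration; `X-XSS-Protection` is set to `0` following current OWASP guidance, which disables the legacy browser filter in favour of CSP.

```python
# Constructed: what a default framework response typically carries.
WEAK_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
}


def hardened_headers(frame_ancestors: str = "'none'") -> dict:
    """Response headers for items 1 and 4 of the ticket.

    frame_ancestors lets a caller permit a specific trusted origin instead of
    'none' when the page legitimately has to be embedded.
    """
    return {
        "Content-Type": "text/html; charset=utf-8",
        # Clickjacking (item 1): legacy header plus the CSP directive that replaces it.
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": (
            f"default-src 'self'; frame-ancestors {frame_ancestors}"
        ),
        # Stop MIME sniffing so a user upload is not interpreted as script.
        "X-Content-Type-Options": "nosniff",
        # Keep paths and query strings out of third-party referrer logs.
        "Referrer-Policy": "strict-origin-when-cross-origin",
        # Legacy filter disabled; CSP above is the real XSS mitigation.
        "X-XSS-Protection": "0",
        # Encrypted transport (item 2): pin the browser to HTTPS.
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    }


# Header -> predicate that the value must satisfy.
REQUIRED = {
    "X-Content-Type-Options": lambda v: v.lower() == "nosniff",
    "Referrer-Policy": lambda v: bool(v.strip()),
    "Content-Security-Policy": lambda v: "frame-ancestors" in v,
    "Strict-Transport-Security": lambda v: "max-age=" in v,
}


def audit_headers(headers: dict) -> list:
    """Return a list of findings; an empty list means every check passed."""
    lowered = {k.lower(): v for k, v in headers.items()}
    findings = []
    csp = lowered.get("content-security-policy", "")
    if "x-frame-options" not in lowered and "frame-ancestors" not in csp:
        findings.append(
            "clickjacking: neither X-Frame-Options nor CSP frame-ancestors is set"
        )
    for name, ok in REQUIRED.items():
        value = lowered.get(name.lower())
        if value is None:
            findings.append(f"missing header: {name}")
        elif not ok(value):
            findings.append(f"weak value for {name}: {value!r}")
    return findings
```

Running `audit_headers` over a captured response is a quick regression check after a deployment: an empty list means the headers in this ticket are still being sent.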
