WASC-15 Web Vulnerability & Security Checks | Invicti

Home / Vulnerabilities / WASC-15 / Page 3

Select Category

Search Vulnerability

Vulnerability Name

Classifications

Severity

Missing Content-Type Header

PCI v3.2-6.5.7, CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

Missing X-Content-Type-Options Header

CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

Phishing by Navigating Browser Tabs

CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

RoR Database Configuration File Detected

CWE-285, ISO27001-A.9.4.1, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

Subresource Integrity (SRI) Hash Invalid

CWE-16, ISO27001-A.14.2.5, WASC-15

Low

ViewState is not Encrypted

CWE-16, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-15, OWASP 2017-A6

Low

WP Engine Configuration File Detected

CWE-285, ISO27001-A.9.4.1, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

Content Security Policy (CSP) Not Implemented

CWE-16, ISO27001-A.14.2.5, WASC-15

Best Practice

SameSite Cookie Not Implemented

CWE-16, ISO27001-A.14.2.5, WASC-15

Best Practice

SameSite None Cookie Not Marked as Secure

CWE-16, ISO27001-A.14.2.5, WASC-15

Best Practice

Subresource Integrity (SRI) Not Implemented

CWE-16, ISO27001-A.14.2.5, WASC-15

Best Practice

An Unsafe Content Security Policy (CSP) Directive in Use

CWE-16, ISO27001-A.14.2.5, WASC-15

Information

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works