PEN TEST REPORT: EXAMPLE INSTITUTE
JANUARY 28, 2019
sales@purplesec.us
caskin.
xxx.xxx.11.66
The server’s certificate is not valid for the hostname.
The cert is issued to 192.168.168.168, but the HTTPS service is also reachable through this IP address, which is technically not covered by the cert.
HSTS is not enforced.
The application fails to prevent users from connecting to it over unencrypted connections. This opens the possibility of man-in-the-middle attacks performed on the site by users who visit unencrypted links. To remedy this, add a response header with the name “Strict-Transport-Security” with an acceptable max-age expiration time.
xxx.xxx.91.182
The server’s certificate is not valid for the hostname.
The cert is issued to web.example.com and www.web.example.com, but the HTTPS service is also reachable through this IP address, which is technically not covered by the cert.
HSTS is not enforced.
The application fails to prevent users from connecting to it over unencrypted connections. This opens the possibility of man-in-the-middle attacks performed on the site by users who visit unencrypted links. To remedy this, add a response header with the name “Strict-Transport-Security” with an acceptable max-age expiration time.
xxx.xxx.167.106
HSTS is not enforced.
The application fails to prevent users from connecting to it over unencrypted connections. This opens the possibility of man-in-the-middle attacks performed on the site by users who visit unencrypted links. To remedy this, add a response header with the name “Strict-Transport-Security” with an acceptable max-age expiration time.
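The two finding types repeated for the three hosts above (a certificate whose Subject Alternative Names do not cover the address the service is reached by, and a missing Strict-Transport-Security header) can both be verified from data a scanner already has. The script below is an added example, not part of the report or of PurpleSec's tooling: it runs offline against a constructed SAN list modelled on the second finding and two constructed header sets (before and after the remediation). The one-year max-age threshold and the 203.0.113.10 test address are assumptions chosen for the example.

```python
"""Added example (not from the report): offline checks for the two findings
above -- does a certificate's SAN list cover the host the service was reached
by, and does the response carry a usable Strict-Transport-Security header."""
import ipaddress
import re

# Constructed sample SAN list, modelled on the second finding above.
SAMPLE_SANS = [("DNS", "web.example.com"), ("DNS", "www.web.example.com")]

# Constructed sample response headers: a deployment without HSTS,
# and the same deployment with the recommended header added.
HEADERS_BEFORE = {"Content-Type": "text/html", "Server": "nginx"}
HEADERS_AFTER = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}

# One year is the commonly recommended minimum; the threshold is an assumption here.
MIN_MAX_AGE = 31536000


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style name match: exact (case-insensitive) or a single
    leftmost wildcard label such as *.example.com."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        p_labels = pattern.split(".")
        h_labels = hostname.split(".")
        return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]
    return False


def cert_covers_host(sans, host: str) -> bool:
    """Return True if `host` (a DNS name or a literal IP) is listed in the
    certificate's SANs. A literal IP only matches an "IP" SAN entry, which is
    why reaching a service by its address produces the mismatch in the report."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    for kind, value in sans:
        if ip is not None:
            if kind == "IP" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS" and _dns_name_matches(value, host):
            return True
    return False


def hsts_status(headers: dict, min_max_age: int = MIN_MAX_AGE) -> str:
    """Classify the Strict-Transport-Security header as 'missing',
    'malformed' (no max-age directive), 'too-short', or 'ok'."""
    value = None
    for name, v in headers.items():  # header names are case-insensitive
        if name.lower() == "strict-transport-security":
            value = v
            break
    if value is None:
        return "missing"
    m = re.search(r"(?i)(?:^|;)\s*max-age\s*=\s*\"?(\d+)\"?", value)
    if not m:
        return "malformed"
    return "ok" if int(m.group(1)) >= min_max_age else "too-short"


def main():
    # 203.0.113.10 is a documentation-range address used here as a stand-in
    # for the masked xxx.xxx.91.182 in the finding.
    for host in ("web.example.com", "www.web.example.com", "203.0.113.10"):
        covered = cert_covers_host(SAMPLE_SANS, host)
        print(f"{host}: {'covered' if covered else 'NOT covered'} by certificate")
    print("HSTS before remediation:", hsts_status(HEADERS_BEFORE))
    print("HSTS after remediation: ", hsts_status(HEADERS_AFTER))


if __name__ == "__main__":
    main()
```

In practice the SAN list comes from the served certificate and the header dict from the HTTPS response; the classification logic is the part worth keeping, since a header that is present but lacks max-age, or sets it to a few seconds, is still reported by most scanners as "HSTS not enforced".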