Sensitive Data Header

Hi, in this part of Extreme Vulnerable Node Application there is no input to supply. But we can easily see that the response headers are exposed, so any user can find out which technologies we are using and easily find an exploit.


So our aim as developers should be to hide that sensitive data from the headers when sending any information to the user.

Extreme Vulnerable Node Application is available on GitHub at https://github.com/vegabird/xvna; you can download it and test it on your localhost.

Prevention:

In the response headers, we need to avoid sending additional information such as the server name, language name or version.
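One way to apply this in a Node application, as an added example that is not code from XVNA: an audit function that reports technology-disclosing response headers, and an Express/Connect-style middleware that removes them before the response is sent. The header list, the function names and the sample headers are assumptions made for illustration.

```javascript
// Assumed list of headers that commonly reveal server, framework or
// language details. Extend it for your own stack.
const DISCLOSING_HEADERS = [
  'x-powered-by', 'server', 'x-aspnet-version',
  'x-aspnetmvc-version', 'x-runtime', 'x-generator',
];

// A dotted number such as "1.18.0" means the value also leaks a version.
const VERSION_PATTERN = /\d+(\.\d+)+/;

// Audit: takes a header object (for example from res.getHeaders()) and
// returns one finding per disclosing header.
function auditHeaders(headers) {
  const findings = [];
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (!DISCLOSING_HEADERS.includes(lower)) continue;
    const text = String(value);
    findings.push({ header: lower, value: text, leaksVersion: VERSION_PATTERN.test(text) });
  }
  return findings;
}

// Mitigation: middleware with the (req, res, next) signature. It wraps
// res.writeHead so the headers are removed at the last moment, which also
// catches headers set by the framework or by later middleware.
// Headers added by a reverse proxy in front of Node must be removed there.
function stripDisclosingHeaders(req, res, next) {
  const originalWriteHead = res.writeHead;
  res.writeHead = function (...args) {
    for (const name of DISCLOSING_HEADERS) res.removeHeader(name);
    return originalWriteHead.apply(this, args);
  };
  next();
}

// Constructed sample: headers a default Express app behind nginx might send.
const sampleHeaders = {
  'X-Powered-By': 'Express',
  'Server': 'nginx/1.18.0',
  'Content-Type': 'text/html; charset=utf-8',
};
console.log(auditHeaders(sampleHeaders));
```

In an Express application the middleware is registered with `app.use(stripDisclosingHeaders)`; Express can also stop sending its own header with `app.disable('x-powered-by')`.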

