Knowledge Base

Back to Knowledge Base

Support Center

Remediation tips

  • Missing HttpOnly flag on cookies

    When a cookie doesn’t have an HttpOnly flag, it can be accessed through JavaScript, which means that an XSS co...

    Aug 05, 2016 12:26PM CEST
  • Execution After Redirect (EAR)

    A redirect can be ignored by an attacker, so it’s very important to refrain from sending sensitive data that a...

    Jul 25, 2016 11:50AM CEST
  • HTTP Response Splitting (HRS)

    This attack may also be called a CRLF injection. Description If an attacker manages to inject malicious ...

    Jul 25, 2016 11:51AM CEST
  • Relative Path Overwrite

    Relative Path Overwrite (RPO) is a technique where an attacker can overwrite the target file of a relative URL...

    Jul 25, 2016 11:51AM CEST
  • Missing/insufficient SPF record

    When a domain lacks an SPF policy, an attacker is able to send spoofed emails that look like they’re originati...

    May 26, 2017 11:55AM CEST
  • Full Path Disclosure

    Full Path Disclosure refers to being able to see the full path of something hosted on the server. It’s often, ...

    Jul 25, 2016 11:53AM CEST
  • HTML Comments

    HTML comments are part of the standard HTML. They only act as a comment in the code, having no effect on execu...

    Jul 25, 2016 09:37AM CEST
  • Insecure Direct Object Reference (IDOR)

    If a reference to an internal implementation object, such as a file or database key, is exposed to a user with...

    Sep 05, 2017 05:07PM CEST
  • Open Redirect

    An open redirect occurs if an application takes a parameter and redirects the user to that URL without any oth...

    Sep 05, 2017 05:05PM CEST
  • Missing DKIM record

    DKIM is one of the available protections against spoofed emails. What can happen? Spoofing can be used t...

    Aug 04, 2016 05:48PM CEST
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found