- Security Headers will analyze HTTP response headers and provide a basic analysis of the target site's security posture. Let's scan www.megacorpone.com and check the results. The site is missing several defensive headers, such as Content-Security-Policy and X-Frame-Options. These missing headers are not necessarily vulnerabilities in and of themselves, but they could indicate web developers or server admins who are not familiar with server hardening.
- Another scanning tool we can use is the SSL Server Test from Qualys SSL Labs. This tool analyzes a server's SSL/TLS configuration and compares it against current best practices. It will also identify some SSL/TLS-related vulnerabilities, such as POODLE or Heartbleed.
- The server supports TLS versions such as 1.0 and 1.1, which are deemed legacy because they allow insecure cipher suites. This ultimately suggests that our target is not applying current best practices for SSL/TLS hardening. Disabling the TLS_DHE_RSA_WITH_AES_256_CBC_SHA suite, for example, has been recommended for several years due to multiple vulnerabilities in both the AES Cipher Block Chaining mode and the SHA-1 algorithm.
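The two checks described above, reproduced offline as an added example (not the course's or either tool's own code): one function reports which defensive headers a response lacks, the other flags legacy protocol versions and weak cipher suite names such as TLS_DHE_RSA_WITH_AES_256_CBC_SHA. The header set, protocol list and suites used in the sample run are constructed, not captured from www.megacorpone.com.

```python
"""Offline versions of the Security Headers and SSL Labs checks (added example)."""
from urllib.request import urlopen

# Defensive headers whose absence is worth reporting; matching is case-insensitive.
EXPECTED_HEADERS = (
    "Content-Security-Policy",
    "X-Frame-Options",
    "Strict-Transport-Security",
    "X-Content-Type-Options",
    "Referrer-Policy",
)
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}


def missing_security_headers(headers):
    """Return the defensive headers absent from a response header mapping."""
    present = {name.lower() for name in headers}
    return [h for h in EXPECTED_HEADERS if h.lower() not in present]


def tls_findings(protocols, cipher_suites):
    """Flag legacy protocol versions and weak TLS 1.2-style suite names.

    A name ending in _SHA uses the SHA-1 MAC, _CBC_ marks cipher block chaining,
    and a suite without (EC)DHE key exchange gives no forward secrecy."""
    findings = [f"legacy protocol enabled: {p}" for p in protocols if p in LEGACY_PROTOCOLS]
    for suite in cipher_suites:
        if suite.startswith(("TLS_AES_", "TLS_CHACHA20_")):
            continue  # TLS 1.3 suites: AEAD only, key exchange is always (EC)DHE
        reasons = []
        if "_CBC_" in suite:
            reasons.append("CBC mode")
        if suite.endswith("_SHA"):
            reasons.append("SHA-1 MAC")
        if "_DHE_" not in suite and "_ECDHE_" not in suite:
            reasons.append("no forward secrecy")
        if reasons:
            findings.append(f"weak cipher suite {suite}: {', '.join(reasons)}")
    return findings


def fetch_headers(url):
    """Fetch live response headers for a site you are authorised to assess."""
    with urlopen(url, timeout=10) as resp:
        return dict(resp.headers)


if __name__ == "__main__":
    # Constructed sample: no CSP or X-Frame-Options, TLS 1.0 still enabled.
    sample_headers = {"Server": "Apache", "Content-Type": "text/html"}
    print(missing_security_headers(sample_headers))
    print(tls_findings(["TLSv1.0", "TLSv1.2"], ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA"]))
```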