Major security issues facing by the websites

Major security issues facing by the websites


Vulnerabilities Severity
1) Cross Site Scripting HIGH
2) File Upload Vulnerability HIGH
3) Directory Listing Vulnerability HIGH
4) Unencrypted Login Pages HIGH
5) Session Hijacking HIGH
6) Cross Site Request Forgery(csrf) HIGH
7) Weak Captcha Implementation MEDIUM
8) Cross Frame Scripting(css) MEDIUM
9)Internal Error Handling MEDIUM
10)Cookies are not marked as HTTPOnly LOW


• Random Tokens should be used on all critical operations.
• Ensure good and secure Session Management practices are followed.
• Configure the application to disable any kind of browsable directories
• Coding flaws and configuration flaws should be remediated immediately.
• Special characters should be filtered by the Web Application to prevent SQL
Injection and cross site scripting.
• Username and password forms should be encrypted and HTTPS should be used.
• Make sure the web server and application server are configured in a secure way.
• Ensure that none of the error messages of response pages disclose any kind of
information about the underlying systems.
• Secure Coding Methodologies should be followed to eliminate discrepancies and
prevent disclosure of information


Leave a Reply