Hi forum friends,
During my automated security scannings
I have found that an enormous amount of websites
are still vulnerable to configuration insecurities.
These insecurities are grossly underestimated
by webmasters and sloppy IT staff alike,
opening up a goldmine of unintended information for malicious attackers.
At least security through obscurity should be a priority.
Important insecurities found:
1. excessive headers
(info can be used to pinpoint security flaws to attackers).
2. clickjacking (X-frame option header not returned),
malcontent can be embedded in a frame.
ASP netsites can be scanned here at:
https://asafaweb.com/Scan?Url=Other sites can be scanned at: safersite.de
polonus