python/scripts/watcher/report-v1.4.0.1.html
Generated: 2012-07-13 18:27
26%
Pass: 11
Fail: 31
Total: 42
| Page | Result | Pass | Fail | Other |
|---|---|---|---|---|
| Check.Pasv.Asp.Net.ViewState.Mac.php | FAIL  | XFrame XContent | ||
| Check.Pasv.Charset.Mismatch.php | FAIL  | XFrame XContent | ||
| Check.Pasv.Charset.Utf8.php | FAIL  | XFrame XContent | ||
| Check.Pasv.Cookie.HttpOnly.php | PASS  | HttpOnly | XFrame XContent | |
| Check.Pasv.Cookie.LooselyScoped.php | FAIL  | XFrame XContent | ||
| Check.Pasv.Cookie.Secure.php | PASS  | InsecureCookie | XFrame CacheControl XContent | |
| Check.Pasv.CrossDomain.FormSubmit.php | FAIL  | XFrame CSRF XContent | ||
| Check.Pasv.CrossDomain.JavascriptReference.php | FAIL  | XFrame XContent | ||
| Check.Pasv.CrossDomain.ScriptReference.php | PASS  | CrossJS | XFrame XContent | |
| Check.Pasv.CrossDomain.StyleSheetInclusion.php | FAIL  | XFrame XContent | ||
| Check.Pasv.Flash.AllowScriptAccess.php | FAIL  | XFrame XContent | ||
| Check.Pasv.Flash.CrossDomain.php | FAIL  | XFrame XContent | ||
| Check.Pasv.Header.CacheControl.php | PASS  | CacheControl | XFrame XContent | |
| Check.Pasv.Header.ContentTypeMissing.php | PASS  | XContent | NoContentHeader | |
| Check.Pasv.Header.FrameOptions.php | PASS  | XFrame | XContent | |
| Check.Pasv.Header.IeXssProtection.php | FAIL  | XFrame IE8XSSfilter XContent | ||
| Check.Pasv.Header.InternalIp.php | FAIL  | XFrame XContent | ||
| Check.Pasv.Header.MimeSniff.php | PASS  | NoContentHeader | XContent | |
| Check.Pasv.Header.WeakAuth.php | PASS  | WeakAuth | XFrame XContent | |
| Check.Pasv.InformationDisclosure.Comments.php | FAIL  | XFrame XContent | ||
| Check.Pasv.InformationDisclosure.DatabaseErrors.php | PASS  | InfoDb | XFrame XContent | |
| Check.Pasv.InformationDisclosure.DebugErrors.php | PASS  | InfoDebug | XFrame XContent | |
| Check.Pasv.InformationDisclosure.InUrl.php | PASS  | InfoUrl | XFrame XContent | |
| Check.Pasv.InformationDisclosure.ReferrerLeak.php | FAIL  | InfoUrl XFrame XContent | ||
| Check.Pasv.Java.ViewState.Uncompressed.php | FAIL  | XFrame XContent | ||
| Check.Pasv.Java.ViewState.php | FAIL  | XFrame XContent | ||
| Check.Pasv.Javascript.DomainLowering.php | FAIL  | XFrame XContent | ||
| Check.Pasv.Javascript.Eval.php | FAIL  | XFrame XContent | ||
| Check.Pasv.SSL.CertValidation.php | FAIL  | XFrame CacheControl XContent | ||
| Check.Pasv.SSL.InsecureFormLoad.php | FAIL  | XFrame CSRF XContent | ||
| Check.Pasv.SSL.InsecureFormPost.php | FAIL  | XFrame CacheControl CSRF XContent | ||
| Check.Pasv.SSL.StrictTransportSecurity.php | FAIL  | XFrame CacheControl XContent | ||
| Check.Pasv.SSL.Version.php | FAIL  | XFrame CacheControl XContent | ||
| Check.Pasv.SharePoint.DocLib.php | FAIL  | XFrame XContent | ||
| Check.Pasv.Silverlight.ClientAccessPolicy.php | FAIL  | XFrame XContent | ||
| Check.Pasv.Silverlight.EnableHtmlAccess.php | FAIL  | XFrame XContent | ||
| Check.Pasv.Unicode.InvalidUTF8.php | FAIL  | XFrame XContent | ||
| Check.Pasv.UserControlled.Charset.php | FAIL  | XFrame XContent | ||
| Check.Pasv.UserControlled.Cookie.php | FAIL  | XFrame XContent | ||
| Check.Pasv.UserControlled.HtmlAttributes.php | FAIL  | XFrame CSRF XContent | ||
| Check.Pasv.UserControlled.JavascriptEvent.php | FAIL  | XFrame CSRF XContent | ||
| Check.Pasv.UserControlled.JavascriptProperty.php | FAIL  | XFrame XContent | ||

| Alert | Description |
|---|---|
| Auto | Password Autocomplete in browser |
| CSRF | Cross Site Request Forgery |
| CacheControl | Incomplete or no cache-control and pragma HTTPHeader set |
| CrossJS | Cross-domain JavaScript source file inclusion |
| HttpOnly | Cookie set without HttpOnly flag |
| IE8XSSfilter | IE8's XSS protection filter not disabled |
| InfoDb | Information disclosure - database error messages |
| InfoDebug | Information disclosure - debug error messages |
| InfoUrl | Information disclosure - sensitive informations in URL |
| InsecureCookie | Cookie set without secure flag |
| NoContentHeader | Content-Type header missing |
| SQLfp | SQL Injection Fingerprinting |
| SQLi | SQL Injection |
| WeakAuth | Weak HTTP authentication over an unsecured connection |
| XContent | X-Content-Type-Options header missing |
| XFrame | X-Frame-Options header not set |
| XSS | Cross Site Scripting |