Open JensFastrup opened 1 year ago
Performed OWASP ZAP auto scan on localhost:3000 revealing: ZAP Scanning Report.pdf
Solution to X-Content-Type-Header-Missing: Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages. If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.
I had issues with the pages updating to no-sniff even after altering the options in the middleware... help, what is going wrong?
Pen-Test Your System
Try to test for vulnerabilities in your project by using wmap, zaproxy, or any of the tools in the list of OWASP vulnerability scanning tools.
Fix at least one vulnerability that you find; ideally one that ranks high in your prioritization according to your risk analysis.
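An added example (not code from the issue or from the project being scanned) showing the fix ZAP asks for and the most common reason a header middleware "does not take effect": the middleware is registered after a route that has already sent the response. It assumes an Express-style `(req, res, next)` middleware chain and simulates it with a small runner and a constructed response object so it runs offline with no dependencies; the `checkNosniff` function mirrors what a scanner looks for (a `Content-Type` plus `X-Content-Type-Options: nosniff`).

```javascript
// Added example, not from the issue: Express-style nosniff middleware, a tiny
// middleware runner, and a scanner-style check. All names are assumptions.

const NOSNIFF = 'nosniff';

// Middleware: set the header before any route writes the body.
// Registered first, it runs for every request that reaches the app.
function nosniffMiddleware(req, res, next) {
  res.setHeader('X-Content-Type-Options', NOSNIFF);
  next();
}

// Constructed stand-in for a framework response object. Like a real one, it
// refuses header changes once the response has been sent.
function makeResponse() {
  const headers = {};
  return {
    headersSent: false,
    body: null,
    setHeader(name, value) {
      if (this.headersSent) {
        throw new Error('Cannot set headers after they are sent');
      }
      headers[name.toLowerCase()] = value;
    },
    getHeader(name) {
      return headers[name.toLowerCase()];
    },
    send(body) {
      this.headersSent = true;
      this.body = body;
    },
  };
}

// Minimal Express-like runner: handlers run in registration order, and a
// handler that sends the response (and does not call next) ends the chain.
function runChain(handlers, req, res) {
  let i = 0;
  function next() {
    if (i < handlers.length) {
      const handler = handlers[i++];
      handler(req, res, next);
    }
  }
  next();
  return res;
}

// A route that answers with HTML and an explicit Content-Type, as the
// ZAP solution text requires.
function homeRoute(req, res) {
  res.setHeader('Content-Type', 'text/html; charset=utf-8');
  res.send('<h1>hello</h1>');
}

// Scanner-style check: Content-Type must be present and the
// X-Content-Type-Options value must be exactly "nosniff".
function checkNosniff(res) {
  const xcto = res.getHeader('x-content-type-options');
  const ct = res.getHeader('content-type');
  return {
    hasContentType: typeof ct === 'string' && ct.length > 0,
    nosniff: typeof xcto === 'string' && xcto.trim().toLowerCase() === NOSNIFF,
  };
}

// Correct order: header middleware registered before the route.
function correctOrder() {
  return runChain([nosniffMiddleware, homeRoute], {}, makeResponse());
}

// Common mistake: the route is registered first and sends the response, so
// the header middleware never runs for that request and the scan still
// reports the header as missing.
function wrongOrder() {
  return runChain([homeRoute, nosniffMiddleware], {}, makeResponse());
}

function demo() {
  console.log('middleware before route:', checkNosniff(correctOrder()));
  console.log('middleware after route: ', checkNosniff(wrongOrder()));
}

demo();
```

To confirm the fix outside the test, request the page and inspect the response headers (for example with `curl -i http://localhost:3000/`) rather than relying on the middleware file alone; if `X-Content-Type-Options` is still absent, check whether a static-file handler or a route is mounted before the header middleware, or whether a reverse proxy in front of the app strips or overrides headers.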