Please refer to the "Recommendations" section for each vulnerability.
That section provides a detailed solution for fixing each vulnerability.
Host header attack: the web application should use SERVER_NAME instead of the Host header.
It should also create a virtual host that captures all requests with unrecognized Host headers.
This can also be done in Nginx by specifying a server_name without wildcards, and in Apache by using a ServerName without wildcards and turning on the UseCanonicalName directive.
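An added example (not part of the original page) of the Nginx arrangement described above: a catch-all server that takes every request with an unrecognized Host header, next to a site that lists its names explicitly. The host names, certificate paths and upstream address are placeholders, and `ssl_reject_handshake` assumes Nginx 1.19.4 or later.

```nginx
# Catch-all virtual host: any request whose Host header matches none of the
# server_name values below is handled here and never reaches the application.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    server_name _;                # placeholder name that matches no real host

    ssl_reject_handshake on;      # refuse TLS for unknown names (no cert needed)
    return 444;                   # plain HTTP: close the connection, no response
}

# The real site: explicit names only, no wildcards and no regex.
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name example.com www.example.com;          # placeholder names

    ssl_certificate     /etc/nginx/tls/example.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.key;   # placeholder path

    location / {
        # Hand the application the configured name (the first server_name
        # entry), not the client-supplied Host header.
        proxy_set_header Host $server_name;
        proxy_pass http://127.0.0.1:8080;              # placeholder upstream
    }
}
```

With this in place, a request sent with an arbitrary Host value is dropped by the first block, so links the application builds from the host name can only contain a name from the second block.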
For more information on how to avoid the vulnerability, see "Slow HTTP Denial of Service Attack".
HTML form without CSRF protection: check whether this form requires CSRF protection and implement CSRF protection measures if necessary.