Nmap Development mailing list archives
NSE script contribution - clickjacking-prevent-check
From: Ícaro Torres <icaro.redes.ifpb () gmail com>
Date: Tue, 3 Jan 2017 21:44:41 -0300
Hello,

I would like to contribute another NSE script to the Nmap Project. This one verifies if X-Frame-Options (RFC 7034) is enabled in a web service and shows the permissive level configured. This subject is listed in the "OWASP Testing Guide v4" (OWASP project: https://www.owasp.org/index.php?title=Testing_for_Clickjacking_(OTG-CLIENT-009)&setlang=en) and I think it is a good topic to observe in the hardening process of a web service.

The script is attached.

Best regards.

--
Ícaro Torres
Computer Networks Technologist - IFPB
Postgraduate in Information Security - Faculdade IDEZ
Twitter: @IcaroTorres
Attachment: clickjacking-prevent-check.nse
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
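The kind of check the message describes, as an added Python example (it is not the attached NSE script, which is not reproduced on this page): it reads X-Frame-Options from a raw HTTP response head and ranks the configured value by how permissive it is. The numeric levels, the function names and the sample responses are assumptions constructed for illustration.

```python
# Added example: rank the X-Frame-Options policy (RFC 7034) of a response.
# Level numbers are this example's own scale: 0 = strictest, 3 = no protection.
LEVELS = {"DENY": 0, "SAMEORIGIN": 1, "ALLOW-FROM": 2}
UNPROTECTED = 3

def xfo_values(raw_head):
    """Collect every X-Frame-Options value from a raw HTTP response head."""
    values = []
    for line in raw_head.split("\r\n")[1:]:   # skip the status line
        if not line:                           # blank line ends the headers
            break
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            # A repeated header may arrive merged into one comma-separated line.
            values += [v.strip() for v in value.split(",") if v.strip()]
    return values

def classify(raw_head):
    """Return a dict with status, directive, level and a short detail."""
    def result(status, directive, detail):
        level = LEVELS.get(directive, UNPROTECTED)
        return {"status": status, "directive": directive, "level": level, "detail": detail}
    values = xfo_values(raw_head)
    if not values:
        return result("missing", None, "no X-Frame-Options header")
    if len({v.upper() for v in values}) > 1:
        # RFC 7034 requires exactly one of the three values.
        return result("invalid", None, "conflicting values: " + ", ".join(values))
    token, _, arg = values[0].partition(" ")
    directive, arg = token.upper(), arg.strip()
    if directive not in LEVELS:
        return result("invalid", None, "unknown value: " + values[0])
    if directive == "ALLOW-FROM":
        if not arg:
            return result("invalid", None, "ALLOW-FROM without an origin")
        return result("set", directive, "framing allowed from " + arg)
    if arg:
        return result("invalid", None, "unexpected text after " + directive)
    return result("set", directive, "framing restricted: " + directive)

# Constructed sample responses (not captured from a real server).
HEAD = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
SAMPLES = {
    "deny": HEAD + "X-Frame-Options: DENY\r\n\r\n",
    "partner": HEAD + "x-frame-options: allow-from https://partner.example\r\n\r\n",
    "conflict": HEAD + "X-Frame-Options: SAMEORIGIN\r\nX-Frame-Options: DENY\r\n\r\n",
    "typo": HEAD + "X-Frame-Options: ALLOWALL\r\n\r\n",
    "none": HEAD + "\r\n",
}
```

A response with a missing, conflicting or misspelled value lands on the same level as no header at all, which is the case a hardening review most needs surfaced.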