Nmap Development mailing list archives

NSE script contribution - clickjacking-prevent-check


From: Ícaro Torres <icaro.redes.ifpb () gmail com>
Date: Tue, 3 Jan 2017 21:44:41 -0300

Hello,

I would like to contribute another NSE script to the Nmap Project.
This one verifies whether X-Frame-Options (RFC 7034) is enabled in a web
service and shows the permissiveness level configured. This subject is listed in
the "OWASP Testing Guide v4" (OWASP project:
https://www.owasp.org/index.php?title=Testing_for_Clickjacking_(OTG-CLIENT-009)&setlang=en)
and I think it is a good topic to observe in the hardening process of a web
service.

The script is attached.

Best regards.

-- 

Ícaro Torres
Computer Networks Technologist - IFPB
Postgraduate in Information Security - Faculdade IDEZ
Twitter: @IcaroTorres

Attachment: clickjacking-prevent-check.nse

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
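
The check the message describes (is X-Frame-Options set, and how permissive is it), sketched as an added Python example. It is not the attached NSE script and not Nmap code; the function names, the level labels and the sample responses are assumptions made for illustration.

```python
import re

# Serialized origin as used after ALLOW-FROM: scheme://host[:port], no path.
ORIGIN_RE = re.compile(r"^https?://[^/\s]+/?$", re.IGNORECASE)

def classify_value(value):
    """Map one X-Frame-Options value to (level, origin-or-None)."""
    token = value.strip()
    if token.upper() in ("DENY", "SAMEORIGIN"):
        return token.lower(), None
    parts = token.split(None, 1)
    if len(parts) == 2 and parts[0].upper() == "ALLOW-FROM" and ORIGIN_RE.match(parts[1]):
        return "allow-from", parts[1].rstrip("/").lower()
    return "invalid", None

def classify_xfo(headers):
    """Classify a response given as a list of (name, value) header pairs.

    Returns 'missing', 'deny', 'sameorigin', 'allow-from', 'invalid' or
    'conflict' (RFC 7034 requires exactly one value).
    """
    seen, values = False, []
    for name, value in headers:
        if name.strip().lower() == "x-frame-options":
            seen = True
            # Repeated headers are often merged into one comma-separated line.
            values.extend(p.strip() for p in value.split(",") if p.strip())
    if not seen:
        return "missing"
    results = {classify_value(v) for v in values}
    if not results or ("invalid", None) in results:
        return "invalid"
    if len(results) > 1:
        return "conflict"
    return results.pop()[0]

# Constructed sample responses, not taken from any real server.
SAMPLES = {
    "strict": [("Content-Type", "text/html"), ("X-Frame-Options", "deny")],
    "same": [("x-frame-options", "SAMEORIGIN")],
    "partner": [("X-Frame-Options", "ALLOW-FROM https://partner.example/")],
    "typo": [("X-Frame-Options", "ALLOWALL")],
    "merged": [("X-Frame-Options", "SAMEORIGIN, DENY")],
    "twice": [("X-Frame-Options", "DENY"), ("X-Frame-Options", "DENY")],
    "none": [("Server", "example")],
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(f"{label:8} -> {classify_xfo(headers)}")
```

A 'missing', 'invalid' or 'conflict' result is the finding worth reporting in a hardening review, since in each case the header does not express one clear framing policy.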
