This page lists all vulnerabilities that can be detected by Invicti.

Vulnerability Name | Classifications | Severity |
---|---|---|
Content Security Policy (CSP) Not Implemented | CWE-16; ISO27001-A.14.2.5; WASC-15 | Best Practice |
Expect-CT Not Enabled | CWE-16; ISO27001-A.14.1.2; WASC-15 | Best Practice |
Insecure Transportation Security Protocol Supported (TLS 1.1) | PCI v3.2-6.5.4; CAPEC-217; CWE-326; HIPAA-164.306; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Best Practice |
Missing X-XSS-Protection Header | CWE-16; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-15 | Best Practice |
Referrer-Policy Not Implemented | CWE-200; ISO27001-A.14.2.5; OWASP 2013-A6; OWASP 2017-A3 | Best Practice |
SameSite Cookie Not Implemented | CWE-16; ISO27001-A.14.2.5; WASC-15 | Best Practice |
SameSite None Cookie Not Marked as Secure | CWE-16; ISO27001-A.14.2.5; WASC-15 | Best Practice |
Subresource Integrity (SRI) Not Implemented | CWE-16; ISO27001-A.14.2.5; WASC-15 | Best Practice |