Difference between revisions of "Web-metadata"
Line 24: | Line 24: | ||
{| class="wikitable" style="text-align: center; " | {| class="wikitable" style="text-align: center; " | ||
+ | |+ '''Examples of Metadata assessing''' | ||
|'''Server HTTP header''' | |'''Server HTTP header''' | ||
|'''Description''' | |'''Description''' |
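Review bot: the caption added at line 24, "Examples of Metadata assessing", does not describe the table it is attached to. The rows that follow it open with the "Server HTTP header" and "Description" columns, which form a reference list of header values, not an assessment. Suggest a caption that names the content, for example "Server HTTP header values", and "metadata assessment" if the phrase is kept elsewhere. The header cells are also written as bold data cells (|'''...''') where wikitable header cells (!) would be the usual markup.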
Revision as of 16:50, 26 June 2013
CALL FOR CONTRIBUTORS: If you would like to collaborate on this project, join us.
This project collects HTTP and HTML metadata and categorizes each item by its relevance as a sign of possible security weakness or as a sign of hardening in any website. The final goal is to raise web security awareness by giving an overall interpretation of this information for any website, assessing signs of hardening favourably and signs of weakness negatively.
Weakness signs | Hardening signs |
---|---|
MetaGenerator[Joomla! 1.5 | X-Frame-Options[SAMEORIGIN |
Microsoft-IIS/6.0 | X-XSS-Protection |
Apache/2.2.22(Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 | UncommonHeaders[x-varnish |
The information collected, plus input from other OWASP projects such as the Top 10 2013, will serve as the basis for the development of the OWASP Unmaskme Project as a web service.
Server HTTP header | Description | More information |
---|---|---|
Apache/X.X | Web server using Apache technology | Technology leader on the Internet |
Microsoft-IIS/X | Web server using Microsoft IIS technology | How to modify this header |
PWS | Small Microsoft Web server for old Windows versions | Microsoft Personal Web Server |
nginx/X.X | Russian web server and reverse proxy | Official site |
lighttpd/X.X | Web server optimized for speed-critical environments | Official site |
OpenCms/X.X | Open source content management system written in Java | Official site |
Netscape-Enterprise/X.X | Web server using old Netscape technology | Current server family |
Sun-ONE-Web-Server/X | Web server using iPlanet web server technology | Current server family |
Oracle-Application-Server-Xx | Web server using Oracle applications server | Official site |
Lotus-Domino | Web server using IBM Lotus Domino technology | Official site |
Sun-Java-System-Web-Server/X | Web server using Oracle iPlanet technology | Official site |
Oracle-iPlanet-Web-Server/7.0 | Web server using Oracle iPlanet technology | iPlanet Web server |
IBM_HTTP_Server/X.X | Web server using IBM technology (Apache based) | How to hide version |
LiteSpeed/X.X | Web server using LiteSpeed technology (Apache based) | How to hide version |
Alterian-CME/X.X | Web server using SDL ACM | SDL acquires Alterian |
Tengine | Web server using Tengine technology (nginx based) | Need more information |
eZ Publish | Web server using EZ technology | Open Source CMS |
GSE | Web server using Google infrastructure (blogger) | Need more information |
gws | Web server using Google infrastructure (search pages) | Need more information |
sffe | Web server using Google infrastructure (static files) | Need more information |
tfe | Web server using Twitter infrastructure | Need more information |
YTS | Web server using Yahoo! infrastructure | Need more information |
cloudflare-nginx | Web server using CloudFlare infrastructure | Need more information |

Powered-by HTTP header | Description | More information |
---|---|---|
PHP/x.x | Web server using PHP technology | How to remove header |
ASP.NET | Web server using Microsoft ASP technology | Custom headers |
Servlet/X.X JSP/X.X | Web server using Tomcat application server | Header implementation |
PleskLin | Web server using Parallels technology | How to disable header |
(mod_rails/mod_rack) | Web server using Ruby on Rails technology | Phusion Passenger |
ARR/X.X | Web server using IIS with request routing technology | More header information |

HTML metadata | Description | More information |
---|---|---|
Apache/X.X | Web server using Apache technology | Technology leader on the Internet |
Microsoft-IIS/X | Web server using Microsoft IIS technology | How to modify this header |