This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Periodic Table of Vulnerabilities - Fingerprinting"
(initial page setup) |
James Landis (talk | contribs) m |
||
Line 9: | Line 9: | ||
=== Browser / Standards Solution === | === Browser / Standards Solution === | ||
+ | |||
+ | None | ||
=== Perimeter Solution === | === Perimeter Solution === | ||
Line 21: | Line 23: | ||
=== Custom Framework Solution === | === Custom Framework Solution === | ||
+ | |||
+ | None | ||
=== Custom Code Solution === | === Custom Code Solution === | ||
+ | |||
+ | None | ||
=== Discussion / Controversy === | === Discussion / Controversy === | ||
+ | |||
+ | None | ||
=== References === | === References === | ||
[http://cwe.mitre.org/data/definitions/201.html Information Exposure Through Sent Data (CWE-201, MITRE)]<br> | [http://cwe.mitre.org/data/definitions/201.html Information Exposure Through Sent Data (CWE-201, MITRE)]<br> | ||
[http://cwe.mitre.org/data/definitions/538.html File and Directory Information Exposure (CWE-538, MITRE)]<br> | [http://cwe.mitre.org/data/definitions/538.html File and Directory Information Exposure (CWE-538, MITRE)]<br> |
Latest revision as of 18:59, 20 July 2013
Return to Periodic Table Working View
Fingerprinting
Root Cause Summary
One or several components of the underlying software and framework leak version information. This could help an attacker to identify which components are vulnerable. This issue is mitigated by removing all version information.
Browser / Standards Solution
None
Perimeter Solution
Infrastructure should not leak information which can be used to identify the specific version of platform or infrastructure technology. Perimeter technologies should strip all such version information from outgoing responses.
Generic Framework Solution
- URL structure should not reveal the underlying technology. Default content should be removed when possible.
- Make sure that only generic error pages are shown without showing any information of the underlying system.
- Remove all development and debugging tools.
Custom Framework Solution
None
Custom Code Solution
None
Discussion / Controversy
None
References
Information Exposure Through Sent Data (CWE-201, MITRE)
File and Directory Information Exposure (CWE-538, MITRE)