This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Web-metadata"

Line 4: Line 4:
 
If you would like collaborate in this project [https://lists.owasp.org/mailman/listinfo/owasp_unmaskme_project join with us].
 
If you would like collaborate in this project [https://lists.owasp.org/mailman/listinfo/owasp_unmaskme_project join with us].
  
This information collected plus more input from other OWASP projects as [[Top 10 2013-Top 10]], will serve as the basis for the development of the [[OWASP Unmaskme Project]] as a web service.
 
 
 
Collection of HTTP and HTML metadata information in order to categorize its relevance as a sign of possible security weakness or signs of hardening in any website. The final goal is to raise web security awareness (''assessing favourably the signs of hardening and assessing negatively the signs of weakness'') with an overall interpretation of this information from any website.
 
Collection of HTTP and HTML metadata information in order to categorize its relevance as a sign of possible security weakness or signs of hardening in any website. The final goal is to raise web security awareness (''assessing favourably the signs of hardening and assessing negatively the signs of weakness'') with an overall interpretation of this information from any website.
  
Line 23: Line 21:
  
 
----
 
----
 
+
This information collected plus more input from other OWASP projects as [[Top 10 2013-Top 10]], will serve as the basis for the development of the [[OWASP Unmaskme Project]] as a web service.
  
 
{| class="wikitable" style="text-align: center; "
 
{| class="wikitable" style="text-align: center; "
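Review bot: The sentence added after the `----` rule is hard to parse as written. "This information collected plus more input from other OWASP projects as [[Top 10 2013-Top 10]], will serve" has a stray comma before the verb and uses "as" where "such as" is meant. Suggested wording: "The information collected, plus input from other OWASP projects such as [[Top 10 2013-Top 10]], will serve as the basis for the development of the [[OWASP Unmaskme Project]] as a web service." Separately, the unchanged context line "If you would like collaborate in this project" is missing "to" and could be fixed in the same edit.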

Revision as of 15:25, 26 June 2013


CALL FOR CONTRIBUTORS: If you would like to collaborate on this project, join us.

This page collects HTTP and HTML metadata in order to categorize each item's relevance as a sign of possible security weakness or a sign of hardening in any website. The final goal is to raise web security awareness (assessing the signs of hardening favourably and the signs of weakness negatively) through an overall interpretation of this information from any website.

Examples of Metadata assessing

| Weakness signs | Hardening signs |
|---|---|
| MetaGenerator[Joomla! 1.5 | X-Frame-Options[SAMEORIGIN |
| Microsoft-IIS/6.0 | X-XSS-Protection |
| Apache/2.2.22(Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 | UncommonHeaders[x-varnish |
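
As an added example (not code from the OWASP project), the following Python code sorts the metadata of one HTTP response into the two columns of the table above. The function name `assess`, the version-token regex, the mapping of the "Powered-by" header to `X-Powered-By`, and the sample response are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Classification follows the page's example table: these headers count as hardening signs.
HARDENING_HEADERS = ("x-frame-options", "x-xss-protection")
# Software-disclosing headers (X-Powered-By is assumed for the page's "Powered-by" header).
DISCLOSURE_HEADERS = ("server", "x-powered-by")
VERSIONED = re.compile(r"[A-Za-z][\w.-]*/\d[\w.\-]*")  # product/version tokens


class _GeneratorMeta(HTMLParser):
    """Collects the content of <meta name="generator" ...> tags."""
    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generators.append(a.get("content") or "")


def assess(headers, html):
    """Return (weakness_signs, hardening_signs) for one HTTP response."""
    h = {k.lower(): v for k, v in headers.items()}
    weak, hard = [], []
    for name in DISCLOSURE_HEADERS:
        for token in VERSIONED.findall(h.get(name, "")):
            weak.append(f"{name}: {token}")  # a disclosed version is a weakness sign
    parser = _GeneratorMeta()
    parser.feed(html)
    weak += [f"meta generator: {g}" for g in parser.generators if g]
    hard += [f"{n}: {h[n]}" for n in HARDENING_HEADERS if n in h]
    return weak, hard


# Constructed sample response, built from values in the page's example table.
SAMPLE_HEADERS = {
    "Server": "Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5",
    "X-Frame-Options": "SAMEORIGIN",
}
SAMPLE_HTML = '<html><head><meta name="generator" content="Joomla! 1.5"></head></html>'

if __name__ == "__main__":
    weak, hard = assess(SAMPLE_HEADERS, SAMPLE_HTML)
    print("Weakness signs:", weak)
    print("Hardening signs:", hard)
```

A `Server` value with no version token, such as a bare product name, produces no weakness sign here, which matches the "How to hide version" guidance linked in the tables below.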

Proof of concept in Spanish


The information collected, plus input from other OWASP projects such as Top 10 2013-Top 10, will serve as the basis for the development of the OWASP Unmaskme Project as a web service.

| Server HTTP header | Description | More information |
|---|---|---|
| Apache/X.X | Web server using Apache technology | Technology leader on the Internet |
| Microsoft-IIS/X | Web server using Microsoft IIS technology | How to modify this header |
| PWS | Small Microsoft Web server for old Windows versions | Microsoft Personal Web Server |
| nginx/X.X | Russian web server and reverse proxy | Official site |
| lighttpd/X.X | Web server optimized for speed-critical environments | Official site |
| OpenCms/X.X | Open source content management system written in Java | Official site |
| Netscape-Enterprise/X.X | Web server using old Netscape technology | Current server family |
| Sun-ONE-Web-Server/X | Web server using iPlanet web server technology | Current server family |
| Oracle-Application-Server-Xx | Web server using Oracle applications server | Official site |
| Lotus-Domino | Web server using IBM Lotus Domino technology | Official site |
| Sun-Java-System-Web-Server/X | Web server using Oracle iPlanet technology | Official site |
| Oracle-iPlanet-Web-Server/7.0 | Web server using Oracle iPlanet technology | iPlanet Web server |
| IBM_HTTP_Server/X.X | Web server using IBM technology (Apache based) | How to hide version |
| LiteSpeed/X.X | Web server using LiteSpeed technology (Apache based) | How to hide version |

| Powered-by HTTP header | Description | More information |
|---|---|---|
| Apache/X.X | Web server using Apache technology | Technology leader on the Internet |
| Microsoft-IIS/X | Web server using Microsoft IIS technology | How to modify this header |

| HTML metadata | Description | More information |
|---|---|---|
| Apache/X.X | Web server using Apache technology | Technology leader on the Internet |
| Microsoft-IIS/X | Web server using Microsoft IIS technology | How to modify this header |