X-CONTENT-TYPE-OPTIONS (anti-sniffing)
X-XSS-PROTECTION (cross-site scripting filtering)
Adding secure header responses from IIS and Tomcat tightens security and can prevent malicious attacks against your SBM system.
Report creation and execution Passed. False positive response header finding Code inspection shows that this is cleaned up correctly after a redirect. User profile modification Passed.
Note: If you are running HTTPS with secure response headers, URLs that do not match the SBM host name will NOT be allowed. See the resolution to disable URL widgets in SBM 11.7.1 and 11.8.
Summary file on the Application Engine server is now encrypted. CSRF Vulnerability with Empty SSO Token Header (DEF310972) Fixed a CSRF vulnerability that could occur when an empty ALFSSOAuthToken header was provided.
■ Micro Focus evaluated the results of the scans, looking for requests with potential vulnerabilities.
■ Communication attacks (HTTP header and query string analysis)
■ Authentication attacks (cross-site request forgery attacks [CSRF])
SBM provides customization of this sanitization via SBM Application Administrator.
4. Click Apply and make sure that the IIS service is restarted.
Adding a Rule to Enforce the “application/json” Request Header for all JSONPage Application Engine Requests