Articles tagged with: #ssl
What's the rationale for reporting security headers, cookie flags, etc. in pentests?

cybersecurity www.reddit.com

Why do penetration testing reports include findings like missing security headers, weak cookie flags, detailed error messages/stack traces, open directory listings, outdated JS libraries, lack of account lockout/rate limiting, or TLS/SSL weaknesses? What's the rationale behind reporting these issues - is it just best practice, compliance (e.g. OWASP, NIST), or because they are stepping stones for bigger attacks? Which academic references or testing methodologies support including them?...