$ 30
Budget
7
Proposals
5672
Views
Freezed and Awarded
Status
Skills Required
Project Details
To Fix below vulnerability points and enhance the site's security.:
The audit shows that the website has several security vulnerabilities that, while mostly classified as medium or low severity, need attention to prevent exploitation by attackers. It is recommended that the provided recommendations be followed to address these issues and enhance the site's security. These explanations are based on the reports and highlight the importance of regularly updating libraries, securing configuration files, and implementing security policies like CSP to protect users and site data.
- Accessible Development Configuration Files
- Vulnerable JavaScript Libraries
- Cookies Not Marked as Secure
- Cookies Not Marked as HttpOnly
- Insecure iframes
- Content Security Policy (CSP) Not Implemented
- Outdated JavaScript Library Versions
- This also will include also removing ongoing current Malware and removing emails/servers from the Blacklist
you will work under NDA.
1 week to fix it.
30$ + bonus 5$ dollars / above weakness fixed
- Context:
A security audit was performed to identify vulnerabilities on the website. The report discovered several types of vulnerabilities, categorized by their severity: critical, high, medium, low, and informational.
- Medium Severity Vulnerabilities
Accessible Development Configuration Files:
Description: Configuration files (like Vagrantfile, Gemfile, Rakefile) were found on the website. These files can contain sensitive information that could help an attacker prepare more advanced attacks.
Example: https://www.upmychain.com/package-lock.json.
Recommendation: Remove or restrict access to these files.
Vulnerable JavaScript Libraries:
Description: Usage of vulnerable versions of JavaScript libraries.
Example: TinyMCE 4.6.5, which has a Cross-Site Scripting (XSS) vulnerability.
Recommendation: Update to the latest versions of the libraries.
- Low Severity Vulnerabilities
Cookies Not Marked as Secure:
Description: Some cookies do not have the Secure flag set, meaning they could be transmitted over non-secure channels.
Recommendation: Add the Secure flag to cookies to ensure they are only transmitted over secure connections.
Cookies Not Marked as HttpOnly:
Description: Some cookies do not have the HttpOnly attribute, making them accessible to client-side scripts.
Recommendation: Add the HttpOnly attribute to cookies to protect them from being accessed by client-side scripts.
Insecure iframes:
Description: iframes embedding external resources without the sandbox attribute, which can allow manipulation by external pages.
Recommendation: Use the sandbox attribute for iframes to add security restrictions.
Informational Vulnerabilities
Content Security Policy (CSP) Not Implemented:
Description: The site does not implement a Content Security Policy (CSP), making it vulnerable to XSS attacks and data injections.
Recommendation: Implement a CSP by defining allowed content sources.
Outdated JavaScript Library Versions:
Description: Use of outdated JavaScript library versions, even though no specific vulnerabilities were found in these versions.
Recommendation: Update the libraries to benefit from security and performance improvements.
About the Client
Top Client
France
Member since
Copyright © 2025 | Truelancer.com