Alert Tag: OWASP_2017_A06

https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html

All of the alerts which use this tag:
.env Information Leak
.htaccess Information Leak
Anti-CSRF Tokens Check
Application Error Disclosure
Cloud Metadata Potentially Exposed
Content Security Policy (CSP) Header Not Set
Content Security Policy (CSP) Report-Only Header Found
Content-Type Header Empty
Content-Type Header Missing
Cookie No HttpOnly Flag
Cookie Slack Detector
Cookie Without Secure Flag
Cross-Domain Misconfiguration - Adobe - Read
Cross-Domain Misconfiguration - Adobe - Send
Cross-Domain Misconfiguration - Silverlight
CSP: Header & Meta
CSP: Malformed Policy (Non-ASCII)
CSP: Meta Policy Invalid Directive
CSP: Notices
CSP: script-src unsafe-eval
CSP: script-src unsafe-hashes
CSP: script-src unsafe-inline
CSP: style-src unsafe-hashes
CSP: style-src unsafe-inline
CSP: Wildcard Directive
CSP: X-Content-Security-Policy
CSP: X-WebKit-CSP
Directory Browsing
ELMAH Information Leak
Emails Found in the Viewstate
Generic Padding Oracle
GET for POST
GraphQL Endpoint Supports Introspection
Hidden File Found
HTTP Only Site
HTTP Parameter Override
HTTP to HTTPS Insecure Transition in Form Post
HTTPS Content Available via HTTP
HTTPS to HTTP Insecure Transition in Form Post
Image Exposes Location or Privacy Data
In Page Banner Information Leak
Insecure HTTP Method
Insecure JSF ViewState
Loosely Scoped Cookie
Missing Anti-clickjacking Header
Multiple X-Frame-Options Header Entries
Obsolete Content Security Policy (CSP) Header Found
Old Asp.Net Version in Use
Possible Username Enumeration
Potential IP Addresses Found in the Viewstate
Properties File Disclosure - /WEB-INF folder
Proxy Disclosure
Relative Path Confusion
Reverse Tabnabbing
Secure Pages Include Mixed Content
Server Leaks its Webserver Application via "Server" HTTP Response Header Field
Server Leaks Version Information via "Server" HTTP Response Header Field
Source Code Disclosure - /WEB-INF Folder
Source Code Disclosure - File Inclusion
Source Code Disclosure - Git
Source Code Disclosure - PHP
Source Code Disclosure - SVN
Split Viewstate in Use
Strict-Transport-Security Defined via META (Non-compliant with Spec)
Strict-Transport-Security Disabled
Strict-Transport-Security Header Not Set
Strict-Transport-Security Header on Plain HTTP Response
Strict-Transport-Security Malformed Content (Non-compliant with Spec)
Strict-Transport-Security Max-Age Malformed (Non-compliant with Spec)
Strict-Transport-Security Missing Max-Age (Non-compliant with Spec)
Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)
Sub Resource Integrity Attribute Missing
Trace.axd Information Leak
Viewstate without MAC Signature (Sure)
Viewstate without MAC Signature (Unsure)
Web Cache Deception
WSDL File Detection
X-AspNet-Version Response Header
X-Backend-Server Header Information Leak
X-Content-Type-Options Header Missing
X-Frame-Options Defined via META (Non-compliant with Spec)
X-Frame-Options Setting Malformed