Support #13279
[SCP ID :##6480##] : VAPT Findings - BIF-102192 - Security Header Implementation
| Status: | Closed - End of life cycle | Start date: | October 26, 2022 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | Zahir Abd Latif | % Done: | 100% |
| Category: | - | Spent time: | - |
| Target version: | - | | |
Description
Hi,
Kindly attend to the request below:
Testing of the BIFAST application shows that the application has not yet implemented the available security headers, in particular HSTS.
Target site:
https://10.170.136.228/bifast-portal/
Recommendation:
We recommend implementing the HSTS security header, in addition to the other security headers that have not yet been applied as required by the application.
History
#1 Updated by Stephanie Sufrapto almost 2 years ago
- Status changed from New - Begin Life Cycle to User Acceptance Test
- Assignee changed from Bramantyo Pujo Wiyono to Zahir Abd Latif
- % Done changed from 0 to 100
Provide feedback to 3 November 2022
Solution: Please use https to test.
Update the Apache web server 'httpd.conf'.
Insert the following lines:
# The Header directive is provided by mod_headers, which must be loaded
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header always set Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;"
Header set X-XSS-Protection "1; mode=block"
Header set X-Frame-Options "SAMEORIGIN"
Restart Apache.
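Added example (not part of the ticket or its solution): a Python checker that parses a response's headers and verifies them against the values set in the solution above, also flagging a permissive wildcard script-src; the sample headers are constructed.

```python
MIN_HSTS_MAX_AGE = 31536000  # one year, the max-age used in the ticket's fix

def parse_hsts(value):
    """Parse 'max-age=N; includeSubDomains; preload' into {name: value}, names lowercased."""
    pairs = (p.strip().partition("=") for p in value.split(";") if p.strip())
    return {n.strip().lower(): v.strip() for n, _, v in pairs}

def parse_csp(value):
    """Parse a CSP value into {directive: [sources]}, directive names lowercased."""
    parts = (p.split() for p in value.split(";"))
    return {t[0].lower(): t[1:] for t in parts if t}

def check_security_headers(headers):
    """Return a list of findings for a dict of response headers; empty means every check passed."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        d = parse_hsts(hsts)
        max_age = d.get("max-age", "")
        if not max_age.isdigit() or int(max_age) < MIN_HSTS_MAX_AGE:
            findings.append(f"HSTS max-age below {MIN_HSTS_MAX_AGE}: {max_age!r}")
        if "includesubdomains" not in d:
            findings.append("HSTS lacks includeSubDomains")
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("missing Content-Security-Policy")
    else:
        p = parse_csp(csp)
        if "default-src" not in p:
            findings.append("CSP lacks default-src")
        # A wildcard script-src lets any origin supply scripts, undoing most of CSP's XSS protection.
        if "*" in p.get("script-src", []):
            findings.append("CSP script-src is a wildcard (*)")
    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options missing or not DENY/SAMEORIGIN")
    return findings

# Constructed sample: the headers Apache sends once the directives from the ticket are applied.
TICKET_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;",
    "X-XSS-Protection": "1; mode=block",  # deprecated in modern browsers; not relied on by this check
    "X-Frame-Options": "SAMEORIGIN",
}

if __name__ == "__main__":
    print(check_security_headers(TICKET_HEADERS) or ["all checks passed"])
```

Against the ticket's own values the only finding is the wildcard script-src, which is worth tightening before the CSP is relied on.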
#2 Updated by Zahir Abd Latif almost 2 years ago
- Status changed from User Acceptance Test to Closed - End of life cycle
Issue closed in SCP.