HTTP Vulnerability Checks Test
SSL certificates are important for maintaining the confidentiality of data and also an organization's reputation and integrity. However, SSL certificate monitoring focuses only on the validity and strength of the certificates, and several other factors can lead to vulnerabilities in SSL/TLS implementations or configurations. For an organization to mitigate risks, comply with regulations, protect sensitive data, and maintain the trust of users and stakeholders in their digital interactions, it is also essential to monitor other aspects of HTTP/SSL communication, such as weak ciphers and weak protocols, and to detect whether a web site is susceptible to common web attacks. The HTTP Vulnerability Checks test helps with exactly this.
For each configured web site URL, this test reports the following:
- Is any weak protocol being used (TLS 1.0, SSL v3)?
- Are any weak ciphers being used?
- Is the web site susceptible to common web attacks (POODLE, BEAST, etc.), and which ones?
- Is strict transport security (HSTS) supported?
- Are the web site's HTTP headers configured as per best practice?
- Are any headers that should be present missing?
Using this test, administrators can figure out how secure the URLs are, proactively identify web attacks and swiftly respond to potential issues.
Target of the test : A Web server
Agent deploying the test : An internal agent
Outputs of the test : One set of results for every URL that is configured on the target web server being monitored.
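The protocol and cipher-suite checks listed above can be reproduced with nothing more than Python's standard `ssl` module: one handshake pinned to each protocol version, then one handshake pinned to each cipher suite the local OpenSSL can offer, followed by a classification into the counts the test reports. This is an added example, not eG Enterprise code; the insecure/weak thresholds, the inclusion of TLS 1.1 among the vulnerable versions, the `@SECLEVEL=0` cipher string (needed so a modern OpenSSL will offer legacy suites at all) and the sample data are this example's own assumptions, and whether a legacy version can be offered depends on the local OpenSSL build.

```python
import socket
import ssl

# Page: TLS 1.0 and SSL 3.0 are weak. TLS 1.1 is added as an assumption (RFC 8996).
VULNERABLE = {ssl.TLSVersion.SSLv3, ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1}
ALL_VERSIONS = (ssl.TLSVersion.SSLv3, ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
                ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)

def classify_cipher(info):
    """'insecure', 'weak' or 'ok' for one dict shaped like an entry returned by
    ssl.SSLContext.get_ciphers(). Thresholds are this example's assumptions."""
    sym, digest, auth = [(info.get(k) or "").lower() for k in ("symmetric", "digest", "auth")]
    # No encryption, anonymous peer, export strength, RC4, single DES or MD5 MAC: broken.
    if not sym or "null" in auth or info.get("strength_bits", 0) < 112:
        return "insecure"
    if "rc4" in sym or digest == "md5" or ("des" in sym and "ede3" not in sym):
        return "insecure"
    # 3DES (64-bit blocks), CBC (BEAST/LUCKY13-class padding) and static RSA kx: weak.
    if "ede3" in sym or not info.get("aead", False) or info.get("kea") == "kx-rsa":
        return "weak"
    return "ok"

def _handshake(host, port, timeout, configure):
    """Negotiated (version, cipher) for one handshake, or None if it is refused."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # probing the configuration, not the identity,
    ctx.verify_mode = ssl.CERT_NONE  # so a bad certificate does not hide the result
    try:
        configure(ctx)
    except (ssl.SSLError, ValueError):
        return None                  # the local OpenSSL cannot even offer this setting
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version(), tls.cipher()[0]
    except (OSError, ssl.SSLError):
        return None

def probe_versions(host, port=443, timeout=5.0):
    """Protocol versions the server accepts: one handshake pinned to each."""
    def pin_to(ver):
        def configure(ctx):
            ctx.set_ciphers("ALL:@SECLEVEL=0")  # let legacy suites be offered at all
            ctx.minimum_version = ver
            ctx.maximum_version = ver
        return configure
    return [v for v in ALL_VERSIONS if _handshake(host, port, timeout, pin_to(v))]

def probe_ciphers(host, port=443, timeout=5.0):
    """Suites (TLS 1.2 and below) the server accepts: one handshake pinned to each
    suite the local OpenSSL can offer. TLS 1.3 suites are not enumerated here."""
    def pin_to(name):
        def configure(ctx):
            ctx.set_ciphers(name + ":@SECLEVEL=0")
            ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        return configure
    offer = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    offer.set_ciphers("ALL:COMPLEMENTOFDEFAULT:@SECLEVEL=0")
    return [c for c in offer.get_ciphers()
            if c["protocol"] != "TLSv1.3" and _handshake(host, port, timeout, pin_to(c["name"]))]

def summarize(versions, ciphers):
    """Counts and flags the test reports (TLS 1.3 always has forward secrecy)."""
    classes = [classify_cipher(c) for c in ciphers]
    return {
        "supported_protocols": len(versions),
        "supported_vulnerable_protocols": sum(v in VULNERABLE for v in versions),
        "supported_cipher_suites": len(ciphers),
        "supported_insecure_cipher_suites": classes.count("insecure"),
        "supported_weak_cipher_suites": classes.count("weak"),
        "forward_secrecy_enabled": int(ssl.TLSVersion.TLSv1_3 in versions or any(
            c.get("kea") in ("kx-ecdhe", "kx-dhe") for c in ciphers)),
    }

def _cipher(name, bits, aead, sym, digest, kea):
    return {"name": name, "strength_bits": bits, "aead": aead, "symmetric": sym,
            "digest": digest, "kea": kea, "auth": "auth-rsa"}

# Constructed sample (get_ciphers()-shaped, only the keys used above) standing in
# for a live probe, so the module runs offline: summarize(SAMPLE_VERSIONS, SAMPLE_CIPHERS).
SAMPLE_VERSIONS = (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_2)
SAMPLE_CIPHERS = (
    _cipher("ECDHE-RSA-AES256-GCM-SHA384", 256, True, "aes-256-gcm", None, "kx-ecdhe"),
    _cipher("AES128-SHA", 128, False, "aes-128-cbc", "sha1", "kx-rsa"),
    _cipher("DES-CBC3-SHA", 112, False, "des-ede3-cbc", "sha1", "kx-rsa"),
    _cipher("RC4-MD5", 128, False, "rc4", "md5", "kx-rsa"),
)
```

Against a live server, `summarize(probe_versions(host), probe_ciphers(host))` yields the same dictionary for that host; certificate validation is switched off on purpose so that a broken certificate does not mask the protocol and cipher findings.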
Parameter | Description
---|---
Test Period | How often should the test be executed.
Host | The IP address of the host for which the test is being configured.
Port | The port at which the target host listens.
Sites For SSL Test | Specify a comma-separated list of URLs that you wish to check for HTTP vulnerabilities. For example, your specification can be: 192.168.9.10:7077, www.eginnovations.com. Based on your specification, this test will run the HTTP vulnerability checks against each URL and report metrics for both, i.e., each URL will be displayed as a descriptor and the results of the HTTP vulnerability checks will be reported as its measures.
DD Frequency | Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD frequency.
Detailed Diagnosis | To make diagnosis more efficient and accurate, eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option. The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:
Measurement | Description | Measurement Unit | Interpretation
---|---|---|---
Supported protocols | Indicates the number of protocols that were supported for this URL. | Number | Supported protocols are the versions of SSL/TLS that the server can use to establish secure connections with clients, balancing security against compatibility across different client environments. By regularly monitoring the supported protocols, administrators can identify whether any outdated or insecure protocols are still enabled on the server. The Detailed Diagnosis of this measure lists the supported protocols configured for this URL.
Supported vulnerable protocols | Indicates the number of vulnerable protocols that were supported for this URL. | Number |
Supported cipher suites | Indicates the number of cipher suites that were supported for this URL. | Number | Cipher suites are the combinations of encryption algorithm, key exchange algorithm, and message authentication algorithm that a particular SSL/TLS implementation (such as OpenSSL, Microsoft SChannel, or others) supports. When a client (like a web browser) and a server establish an SSL/TLS connection, they negotiate which cipher suite to use based on their respective capabilities. Different SSL/TLS implementations and versions support different sets of cipher suites, and server administrators often configure their servers to support a specific list of cipher suites based on security best practices, compatibility with clients, and compliance requirements. The Detailed Diagnosis of this measure lists the supported protocols configured for this URL and their ciphers.
Supported insecure cipher suites | Indicates the number of insecure cipher suites that were supported for this URL. | Number | Insecure cipher suites are cryptographic combinations used in SSL/TLS that are considered weak or vulnerable to known attacks. These cipher suites should ideally be avoided or disabled, because their known weaknesses could compromise the confidentiality, integrity, or authenticity of the transmitted data. A value close to 0 is desired.
Supported weak cipher suites | Indicates the number of weak cipher suites that were supported for this URL. | Number | Weak cipher suites are cryptographic combinations used in SSL/TLS that, while not as bad as those classified as insecure, still exhibit weaknesses that could potentially compromise the security of data transmission. The Detailed Diagnosis of this measure lists the supported protocols configured for this URL and the weak ciphers.
Is vulnerable to Heartbleed? | Indicates whether/not this URL is vulnerable to Heartbleed. | | Heartbleed is a serious security vulnerability that affected the OpenSSL library, which is used to implement the Transport Layer Security (TLS) protocol in many websites and services. The discovery of Heartbleed prompted a widespread effort to patch vulnerable OpenSSL installations. Website administrators were advised to update their OpenSSL libraries and reissue SSL/TLS certificates as a precautionary measure, and users were encouraged to change their passwords for affected services once those services had been patched. The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating the vulnerability of the configured URL to Heartbleed. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
Is vulnerable to BEAST attack? | Indicates whether/not this URL is vulnerable to a BEAST attack. | | A BEAST (Browser Exploit Against SSL/TLS) attack is a cryptographic exploit against the SSL/TLS protocol, specifically against the Cipher Block Chaining (CBC) mode of encryption used in SSL and in TLS versions prior to TLS 1.1. BEAST attacks are significant because they can potentially expose sensitive information such as session tokens or login credentials, allowing attackers to hijack user sessions or impersonate legitimate users. To mitigate the risk of BEAST attacks, use more secure protocol versions such as TLS 1.2 or later, which employ countermeasures against this type of exploit. The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating the vulnerability of the configured URL to BEAST attacks. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
Is vulnerable to POODLE attack? | Indicates whether/not this URL is vulnerable to a POODLE attack. | | The POODLE (Padding Oracle On Downgraded Legacy Encryption) attack is a security vulnerability that exploits the SSLv3 (Secure Sockets Layer version 3) protocol. It allows attackers to decrypt sensitive information such as authentication cookies and other secure data exchanged between a web server and a client. POODLE attacks are particularly dangerous because they can be used to intercept and steal sensitive information, such as login credentials or session tokens, from users of outdated web browsers or of servers that still support SSLv3. To mitigate the risk of POODLE attacks, disable support for SSLv3 and use more secure protocols such as TLS (Transport Layer Security). The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating the vulnerability of the configured URL to POODLE attacks. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
Is vulnerable to ChangeCipherSpec (CVE-2014-0224) attack? | Indicates whether/not this URL is vulnerable to a ChangeCipherSpec (CVE-2014-0224) attack. | | In the ChangeCipherSpec (CVE-2014-0224) attack, a malicious actor exploits a weakness in the OpenSSL implementation to perform a man-in-the-middle (MitM) attack. The vulnerability allows an attacker to force a connection to downgrade its encryption protocol to a less secure version, enabling the attacker to eavesdrop on supposedly secure communications. The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating the vulnerability of the configured URL to ChangeCipherSpec (CVE-2014-0224) attacks. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
Is vulnerable to ROBOT attack? | Indicates whether/not this URL is vulnerable to a ROBOT attack. | | The ROBOT (Return Of Bleichenbacher's Oracle Threat) attack is a vulnerability that arises from how servers respond to RSA decryption attempts. By carefully crafting RSA ciphertexts and analyzing the server's responses, an attacker can infer information about the decryption process and, in some cases, recover the private RSA key. The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating the vulnerability of the configured URL to ROBOT attacks. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
Is OCSP Stapling supported? | Indicates whether/not OCSP Stapling is supported on this URL. | | OCSP stapling allows a server to present a time-stamped, digitally signed OCSP response to the client during the SSL/TLS handshake, strengthening SSL/TLS certificate revocation checks. This improves performance and privacy by removing the need for clients to contact the Certificate Authority (CA) themselves. The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating whether/not OCSP Stapling is supported on this URL. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
Is vulnerable to FREAK (CVE-2015-0204) attack? | Indicates whether/not this URL is vulnerable to a FREAK attack. | | The FREAK (Factoring RSA Export Keys) attack exploits a weakness in SSL/TLS implementations that allowed attackers to force clients to use weaker encryption, specifically the RSA export cipher suites. By exploiting FREAK, attackers could potentially intercept and decrypt supposedly secure communications between clients and servers. The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating the vulnerability of the configured URL to FREAK attacks. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
Is vulnerable to DROWN (CVE-2016-0800, CVE-2016-0703) attack? | Indicates whether/not this URL is vulnerable to a DROWN attack. | | The DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) attack takes advantage of servers that support SSLv2 (Secure Sockets Layer version 2), an outdated and insecure protocol for secure communication. Even if a server primarily uses a more modern version of SSL/TLS, attackers can exploit the vulnerability if the server also supports SSLv2 and shares the same RSA key pair between SSLv2 and the modern protocol. The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating the vulnerability of the configured URL to DROWN attacks. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
Is vulnerable to LUCKY13 (CVE-2013-0169) attack? | Indicates whether/not this URL is vulnerable to a LUCKY13 attack. | | The LUCKY13 attack (CVE-2013-0169) is a cryptographic timing attack that targets implementations of the TLS (Transport Layer Security) and DTLS (Datagram Transport Layer Security) protocols. It allows an attacker to gradually recover plaintext from encrypted communication, compromising the confidentiality of the data being transmitted. To mitigate the LUCKY13 attack, affected TLS and DTLS implementations were updated to improve the handling of padding errors and to reduce the risk of timing-based attacks. Additionally, TLS and DTLS clients and servers should be configured to use secure cipher suites and protocols to minimize the risk of exploitation. The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating the vulnerability of the configured URL to LUCKY13 attacks. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
Is vulnerable to Winshock (CVE-2014-6321) attack? | Indicates whether/not this URL is vulnerable to a Winshock attack. | | The Winshock vulnerability allows remote attackers to execute arbitrary code on a targeted system by sending specially crafted packets to a Windows server. It exploits a flaw in the way Windows handles such packets during the negotiation of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections. An attacker could exploit this vulnerability to conduct a variety of malicious activities, such as remotely executing code, installing malware, or performing other unauthorized actions on the vulnerable system, potentially leading to a complete compromise of the affected system. The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating the vulnerability of the configured URL to Winshock attacks. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
Is vulnerable to RC4 (CVE-2013-2566, CVE-2015-2808) attack? | Indicates whether/not this URL is vulnerable to an RC4 attack. | | RC4 (Rivest Cipher 4) is a stream cipher that was widely used in the past for securing internet communications such as HTTPS connections. The RC4 vulnerabilities tracked as CVE-2013-2566 and CVE-2015-2808 are significant because they undermine the security provided by RC4, potentially allowing attackers to decrypt encrypted communications or recover sensitive information. The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating the vulnerability of the configured URL to RC4 attacks. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
Is forward secrecy enabled? | Indicates whether/not forward secrecy is enabled on this URL. | | Forward secrecy is a property of the key exchange algorithms used in SSL/TLS that ensures session keys are not compromised even if the server's long-term private key is compromised in the future. The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating whether/not forward secrecy is enabled on the URL. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
Is Server Name Indication extension enabled? | Indicates whether/not the Server Name Indication extension is enabled on this URL. | | The Server Name Indication (SNI) extension allows a client (such as a web browser) to specify the host name it is attempting to connect to during the SSL/TLS handshake. This extension is particularly useful where a single IP address hosts multiple websites (virtual hosting) that are secured with SSL/TLS using different SSL certificates. The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating whether/not the Server Name Indication extension is enabled on the URL. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
HTTP response headers | Indicates the number of HTTP response headers returned by this URL. | Number |
Is HTTP Strict-Transport-Security (HSTS) enabled? | Indicates whether/not HTTP Strict-Transport-Security (HSTS) is enabled on this URL. | | HTTP Strict Transport Security (HSTS) is a security mechanism that helps protect websites from certain types of attacks, such as man-in-the-middle (MITM) attacks and protocol downgrade attacks. It forces browsers to interact with the server only over a secure HTTPS connection and prevents them from accessing the site via HTTP, even if the user initially tries to do so. The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating whether/not HTTP Strict-Transport-Security (HSTS) is enabled on the configured URL. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
Is 'Content-Security-Policy' security header available? | Indicates whether/not the 'Content-Security-Policy' security header is available on this URL. | | Content Security Policy (CSP) is an important security feature that helps prevent a variety of attacks, such as cross-site scripting (XSS), clickjacking, and data injection attacks, by specifying which content is allowed to load and execute on a web page. The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating whether/not the 'Content-Security-Policy' security header is available on the configured URL. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
Is 'X-Content-Type-Options' security header available? | Indicates whether/not the 'X-Content-Type-Options' security header is available on this URL. | | The X-Content-Type-Options HTTP header is a security feature that prevents browsers from interpreting files as a different MIME type than the one declared by the server. Its purpose is to prevent attacks that rely on the browser determining the content type of a file by itself, a behaviour known as MIME sniffing. The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating whether/not the 'X-Content-Type-Options' security header is available on the configured URL. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
Is 'X-Frame-Options' security header available? | Indicates whether/not the 'X-Frame-Options' security header is available on this URL. | | The X-Frame-Options HTTP header is a security feature designed to prevent clickjacking attacks by controlling whether a browser may display a web page inside a `<frame>`, `<iframe>`, `<object>`, `<embed>`, or `<applet>` element. Clickjacking is a type of attack in which a malicious website embeds your website in a hidden or transparent iframe and tricks users into clicking on something different from what they think they are clicking on (e.g., a button that submits a form or makes a purchase). The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating whether/not the 'X-Frame-Options' security header is available on the configured URL. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
Is 'X-XSS-Protection' security header available? | Indicates whether/not the 'X-XSS-Protection' security header is available on this URL. | | The X-XSS-Protection HTTP header is a security feature that was implemented to provide basic protection against cross-site scripting (XSS) attacks in web browsers. It attempts to block reflected XSS attacks by enabling the browser to detect and neutralize potentially dangerous script content that could be injected into web pages. The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating whether/not the 'X-XSS-Protection' security header is available on the configured URL. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
Is 'Referrer-Policy' security header available? | Indicates whether/not the 'Referrer-Policy' security header is available on this URL. | | The Referrer-Policy HTTP header is a security feature that controls how much information is included in the Referer header when navigating from one page to another or when making requests (e.g., clicking links, submitting forms, or loading external resources). The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating whether/not the 'Referrer-Policy' security header is available on the configured URL. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
Is 'Feature-Policy' security header available? | Indicates whether/not the 'Feature-Policy' security header is available on this URL. | | The Feature-Policy HTTP header is a security feature that allows a website to control which browser features can be used on its pages. It lets you specify which web platform features a site or iframe is allowed to access, giving website owners more control over the capabilities of their content. The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating whether/not the 'Feature-Policy' security header is available on the configured URL. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
Is 'Permissions-Policy' security header available? | Indicates whether/not the 'Permissions-Policy' security header is available on this URL. | | The Permissions-Policy HTTP header is a security feature that allows web developers to control which browser features can be accessed by their website or by embedded content (such as iframes, images, or external resources). The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating whether/not the 'Permissions-Policy' security header is available on the configured URL. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
HTTP response status | Indicates the HTTP response status of this URL. | | The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating the HTTP response status of the URL. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only.
Is there any connectivity issue? | Indicates whether/not this URL is facing any connectivity issues. | | The values reported by this measure and their numeric equivalents are mentioned in the table below: Note: By default, this measure reports the above-mentioned Measure Values while indicating whether/not this URL is facing any connectivity issues. However, in the graph of this measure, Measure Values will be represented using the corresponding numeric equivalents only, i.e., 0 or 1.
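The header-related measures in the table above (header count, response status, HSTS, and the presence of each security header) can be derived from a single raw HTTP response. The following is an added example rather than eG Enterprise code: it parses a constructed sample response and returns those measures keyed exactly as the table names them, with 0/1 as the numeric equivalents; treating HSTS as enabled only when its max-age is positive is this example's own, slightly stricter, reading of the check.

```python
import re

# The headers the table above reports on, in the order they appear there.
SECURITY_HEADERS = (
    "Content-Security-Policy", "X-Content-Type-Options", "X-Frame-Options",
    "X-XSS-Protection", "Referrer-Policy", "Feature-Policy", "Permissions-Policy",
)

# Constructed sample response; not captured from any real site.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=63072000; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: DENY\r\n"
    "Referrer-Policy: strict-origin-when-cross-origin\r\n"
    "Set-Cookie: a=1; Secure; HttpOnly\r\n"
    "Set-Cookie: b=2; Secure; HttpOnly\r\n"
    "\r\n"
    "<html></html>"
)

def parse_response(raw):
    """Return (status_code, header_line_count, headers) for one raw HTTP response.
    Names are lower-cased so lookups are case-insensitive; repeated headers such
    as Set-Cookie are joined with ', ' but each line still counts once."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers, count = {}, 0
    for line in lines[1:]:
        if ":" not in line:
            continue  # tolerate one malformed line rather than fail the whole check
        name, value = line.split(":", 1)
        key, value = name.strip().lower(), value.strip()
        headers[key] = headers[key] + ", " + value if key in headers else value
        count += 1
    return int(m.group(1)), count, headers

def hsts_enabled(headers):
    """1 when Strict-Transport-Security is present with a positive max-age.
    The table only asks whether the header is present; insisting on a positive
    max-age is an added check, because max-age=0 tells browsers to drop HSTS."""
    value = headers.get("strict-transport-security")
    if value is None:
        return 0
    m = re.search(r"max-age\s*=\s*\"?(\d+)", value, re.IGNORECASE)
    return 1 if m and int(m.group(1)) > 0 else 0

def header_measures(raw):
    """The header-related measures for one URL, keyed as in the table above."""
    status, count, headers = parse_response(raw)
    measures = {
        "HTTP response headers": count,
        "HTTP response status": status,
        "Is HTTP Strict-Transport-Security (HSTS) enabled?": hsts_enabled(headers),
    }
    for name in SECURITY_HEADERS:
        # Presence only, exactly as the table reports it. (Feature-Policy is the
        # earlier name of Permissions-Policy, so a site usually sends one, not both.)
        measures["Is '%s' security header available?" % name] = int(name.lower() in headers)
    return measures

def missing_headers(raw):
    """Answer 'Are any headers that should be present missing?' as a list of names."""
    _, _, headers = parse_response(raw)
    missing = [] if hsts_enabled(headers) else ["Strict-Transport-Security"]
    return missing + [n for n in SECURITY_HEADERS if n.lower() not in headers]

if __name__ == "__main__":
    for key, value in header_measures(SAMPLE_RESPONSE).items():
        print("%-58s %s" % (key, value))
    print("missing:", ", ".join(missing_headers(SAMPLE_RESPONSE)) or "none")
```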