Warnings
PrivacyBison publishes warnings when it learns a service has announced a data breach or is found misusing user data. If you believe a warning should be published for PrivacyBison.com
rghost.net
Non-Intrusive Cybersecurity and Privacy Observations based on HAR File
Scan for malware, unwanted software, and social media phishing using Google Web Risk
Get the list of open ports and verify if the corresponding application in the default credential list maps to the port
Validate if a given website is vulnerable to Directory Traversal Attacks
Get the site URL from the HAR file and validate the website's TLS protocol, key exchange, and cipher strength, and whether it has trusted certificates
Check for Sensitive data in Request Cookies
Check for Sensitive data in Request Headers
Check for Sensitive data in Request Queries
Check for Sensitive data in Response Bodies
Check for Sensitive data in Response Cookies
Check for Sensitive data in Response Headers
Check for Sensitive data in Caches
Get the cookies from the HAR file of a given URL, analyse them, and generate a report
Get the JWT from the given response/request, and validate it for various vulnerabilities
The Strict-Transport-Security response header (HSTS) lets a web site tell browsers that it should only be accessed using HTTPS and not HTTP
CSP provides advanced protection for Cross Site Scripting and Injection Vulnerabilities
HPKP is a Trust on First Use approach. Modern web applications should not tie themselves to specific Public Keys
The Expect-CT header prevents the use of wrongly issued certificates for a site and makes sure that they do not go unnoticed
Sites can use X-Frame-Options to avoid click-jacking attacks by ensuring that their content is not embedded into other sites.
The Access-Control-Allow-Origin response header indicates whether the response can be shared with requesting code from the given origin
X-Content-Type-Options prevents the browser from doing MIME-type sniffing
The Referrer-Policy HTTP header controls how much referrer information (sent via the Referer header) should be included with requests.
ETags are similar to fingerprints and might be used for tracking purposes
Find vulnerable data in JS files using RetireJS
Find vulnerable data in JavaScript and find vulnerable URLs using XSStrike