Observations Based on User Activity File for Usa.gov

Non-Intrusive Cybersecurity and Privacy Observations based on User Activity File

General Security Checks

Check whether any default database ports and credentials are still used in your web applications. Leaving these defaults in place can result in complete loss of sensitive and private data.

Check for open system ports within your web application domain or its associated sub-domains. Running this check can potentially mitigate exfiltration and command-and-control threats.

Privacy Checks

Analyze third-party cookies present in your web application. If not properly checked, these cookies can result in exfiltration of sensitive and private data to bad actors.

Application Security Checks

Check subresource integrity to ensure that external resources, such as scripts or stylesheets, have been delivered securely without any changes.

This control ensures that the Content Security Policy (CSP) implemented on a website or web application is configured according to best practices. It helps to mitigate the risk of Cross-Site Scripting (XSS) attacks by verifying that only approved sources for scripts, stylesheets, and other resources are specified and enforced.

Inspect website headers for adherence to security policies and standards.