All system files generated dynamically must have an explicitly defined content type.
This requirement is verified in following services
- CAPEC™-242. Code injection
- OWASP TOP 10-A3. Injection
- OWASP TOP 10-A5. Security misconfiguration
- WASSEC-5_5. Extraction of dynamic content
- WASSEC-6_2_5_7. Information disclosure - Default web server files
- OWASP ASVS-11_1_4. Business logic security
- OWASP ASVS-12_3_4. File execution
- OWASP ASVS-12_5_2. File download
- OWASP ASVS-14_4_2. HTTP security headers
- OWASP API Security Top 10-API7. Security Misconfiguration
- CASA-11_1_4. Business Logic Security
Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.