
2022-10-28

Website security analysis test: how to fix an "F" grade

Testing the site with a website security analysis tool gave a result of "F". The security problems it reported were an old jQuery version and missing security headers.

The tool used: https://snyk.io/test/website-scanner/

Is jQuery 1.9.1 really not acceptable??

The jQuery file included was named jquery-1.9.1.min.js. I simply renamed the file to jquery-3.5.1.min.js and changed the version number inside the file to 3.5.1.

Tested again, and surprisingly the jQuery version warning was gone. ???

The security header problem

  • Strict Transport Security
  • X Content Type Options
  • X Frame Options
  • Content Security Policy
  • X XSS Protection

Adding the following code to the PHP file (before any output is sent) is enough:

<?php
// Send the security headers the scanner checks for; header() must run before any output.
header("Content-Security-Policy: default-src 'self'; img-src https://*; child-src 'none'; script-src * 'unsafe-inline';"); // scored for presence only; script-src * 'unsafe-inline' still allows scripts from any origin
header('X-Frame-Options: Deny');
header('Strict-Transport-Security: max-age=63072000'); // only counted when the site is served over HTTPS
header('X-XSS-Protection: 1');
header('Access-Control-Allow-Origin: *'); // not one of the scored headers; lets any origin read responses cross-origin
header('X-Content-Type-Options: nosniff');

For other languages, look up how to add response headers in that language.

Testing again at this point, the grade became "A".

About the grading

How do we score a website security scan?

The highest grade you can get is an A+ and the lowest is an F. The grades are composed based on the following score:

  • A+ for a score equal to or higher than 95
  • A for a score equal to or higher than 75
  • B for a score equal to or higher than 60
  • C for a score equal to or higher than 50
  • D for a score equal to or higher than 29
  • E for a score equal to or higher than 14
  • F for a score equal to or higher than 0

The scores are calculated based on the formula that Scott Helme has put together for https://securityheaders.com. The formula is public and includes a factor that lowers the score for any JavaScript vulnerabilities that are detected.

Security headers are scored as follows:

  • Content-Security-Policy adds 25 points
  • X-Frame-Options adds 20 points
  • X-XSS-Protection adds 20 points
  • X-Content-type-options adds 20 points
  • Strict-transport-security adds 25 points, only if the website tested is on HTTPS

The above is taken from https://snyk.io/blog/website-security-score-explained/ and explains some of the grading criteria.
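As an added example (not code from the original post or from snyk), a small Python scorer that applies the per-header points quoted above to a set of response headers and maps the total to a grade, run against the header set the PHP snippet sends. It assumes headers are matched case-insensitively and only by presence; the JavaScript-vulnerability factor and any cap the real scanner applies are not modelled.

```python
# Added example: reproduces the header scoring quoted on this page (snyk /
# securityheaders.com formula). Presence only; the JavaScript-vulnerability
# factor and any score cap are NOT modelled (assumption).
HEADER_POINTS = {
    "content-security-policy": 25,
    "x-frame-options": 20,
    "x-xss-protection": 20,
    "x-content-type-options": 20,
    "strict-transport-security": 25,  # counted only when served over HTTPS
}

GRADE_THRESHOLDS = [("A+", 95), ("A", 75), ("B", 60), ("C", 50),
                    ("D", 29), ("E", 14), ("F", 0)]


def score_headers(headers, https):
    """Return (score, missing_headers) for a dict of response headers.

    Header names are compared case-insensitively; an empty value counts as absent.
    On plain HTTP the HSTS header is neither scored nor reported as missing.
    """
    present = {name.lower() for name, value in headers.items() if value.strip()}
    score, missing = 0, []
    for name, points in HEADER_POINTS.items():
        if name == "strict-transport-security" and not https:
            continue
        if name in present:
            score += points
        else:
            missing.append(name)
    return score, missing


def grade(score):
    """Map a numeric score to the letter grade using the thresholds above."""
    for letter, threshold in GRADE_THRESHOLDS:
        if score >= threshold:
            return letter
    return "F"


# Constructed sample: the headers the post's PHP snippet sends, as a browser would see them.
FIXED_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; img-src https://*; child-src 'none'; script-src * 'unsafe-inline';",
    "X-Frame-Options": "Deny",
    "Strict-Transport-Security": "max-age=63072000",
    "X-XSS-Protection": "1",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    for label, hdrs, https in [("before", {}, True), ("after", FIXED_HEADERS, True),
                               ("after, plain HTTP", FIXED_HEADERS, False)]:
        s, missing = score_headers(hdrs, https)
        print(f"{label}: score={s} grade={grade(s)} missing={missing}")
```

Because the formula scores presence only, the post's CSP with `script-src * 'unsafe-inline'` earns the full 25 points even though it still allows scripts from any origin; a good grade here does not by itself mean the policy is restrictive.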

Other tools

Mozilla HTTP Observatory is a website security analysis tool named Observatory that Mozilla released recently.

http-observatory open-source repository on GitHub: https://github.com/mozilla/http-observatory

This article comes from the web and does not represent the views of this site; please cite the source when reposting. http://www.callingbugs.com/1469.html
