pitmaster
Feb 25, 2016Nimbostratus
Scanned with HP Web Inspect
My web app was recently DAST scanned and one of the vulnerabilities was "Missing Cross-Frame Scripting Protection".. Does the ASM protect against that? if not can someone explain?
My web app was recently DAST scanned and one of the vulnerabilities was "Missing Cross-Frame Scripting Protection".. Does the ASM protect against that? if not can someone explain?
This is an interesting situation that occurs from time to time when the description of a vulnerability discovered by a scanner is slightly different than the wording for an ASM violation. ASM would most likely mitigate this vulnerability by either applying cross site scripting signatures, or by suggesting that you turn on Cross Site Request Forgery protection, or both.