Qualys Guard WAS scan Report giving vulnerabilities

  • Question

  • Broken Authentication and session management

    150120 Session Cookie Does Not Contain The "secure" Attribute (2)

    150121 Session Cookie Does Not Contain The "HTTPOnly" Attribute (2)

    150124 Framable Page 

    150112 Sensitive form field has not disabled autocomplete 

    150059 Reference to Windows file path is present in HTML 

    150081 X-Frame-Options header is not set (10)

    150042 Server Returns HTTP 500 Message For Request (1)

    150007 Web Application Authentication Method (1)

    150009 Links Crawled (1)

    150010 External Links Discovered (1)

    150014 External Form Actions Discovered (1)

    150020 Links Rejected By Crawl Scope or Exclusion List (1)

    150026 Maximum Number of Links Reached During Crawl (1)

    150028 Cookies Collected

    150029 Session Cookies (1)

    150041 Links Rejected (1)

    • Moved by Youjun Tang Thursday, February 12, 2015 9:49 AM more related to suggestion forum
    Wednesday, February 11, 2015 3:25 PM


  • I'm not sure where the VB.Net question is...

    There's nothing we can do to explain those messages. You'll have to get information from Qualys Guard on what those mean.

    Note that web application questions should generally be posted to forums.asp.net. This thread will probably need to be moved to the off-topic forum unless you can edit it to include a relevant VB.net question.

    Reed Kimble - "When you do things right, people won't be sure you've done anything at all"

    • Proposed as answer by Kareninstructor (MVP) Wednesday, February 11, 2015 4:00 PM
    • Marked as answer by Just Karl Thursday, April 9, 2015 9:35 PM
    Wednesday, February 11, 2015 3:35 PM