1.0.2 • Published 11 months ago

node-monitor-secure v1.0.2

Weekly downloads
-
License
ISC
Repository
-
Last release
11 months ago

node-monitor-secure-

$ npm install express node-monitor-secure
const express = require('express')
const app = express()
# here pass all are middleware for security 
app.use(nodeMonitor.AutoTestSecurity(process.env.SECURTY_KEY))
# here pass your your api middlewares and others routes  also  do not add your routes befor node monitor 
app.get('/', function (req, res) {
  res.send('Hello World')
})

app.listen(3000)

Web Application Security Dashboard

This repository contains a collection of security vulnerabilities and attack vectors commonly found in web applications. The data is organized into categories, each containing a list of use cases related to that category.

Categories

Broken Authentication and Session Management

Injection

  • Application is vulnerable to Command injection attack
  • Application is vulnerable to HTML injection attack
  • Application is vulnerable to iframe injection attack
  • Application is vulnerable to SQL Injection
  • Application is vulnerable to XML injection

SSL

  • SSL Information

Error Message

  • Server Error Message

Insecure Direct Object References

  • Directory listing is enabled on the server
  • HTTP parameter pollution
  • The remote server contains a 'robots.txt' file

Security Misconfiguration

  • Application accepts arbitrary methods
  • Dangerous HTTP methods are enabled on the server
  • OPTIONS method enabled

Sensitive Data Exposure

  • An adversary can fingerprint the web server from the HTTP responses
  • Application's server side source code disclosure
  • Critical information in URL
  • Default web-page present in the server
  • Sensitive information revealed in HTTP response
  • Cleartext Password returned in login response

Unvalidated Redirects and Forwards

  • The application is vulnerable to a URL redirection flaw

Cross-Site Scripting (XSS)

  • Application is vulnerable to cross frame scripting
  • Application is vulnerable to Cross Site Scripting attack
  • Application is vulnerable to stored Cross Site Scripting attack
  • Is XSS possible via CSS injection?

Miscellaneous Attacks

  • Auto-complete is enabled for sensitive fields
  • Captcha is not implemented for publicly available forms
  • click jacking
  • Developer comments revealed in page source
  • Email Flooding
  • Vulnerabilities in known components

Sensitive Data stored in local storage

  • Is sensitive data or session token stored in local data storage of browser?

Weak Cross domain policy

  • Is "allow-access-from domain" in cross-domain.xml policy file set to * or unauthorized domains?
  • Is "Origin" header in client request validated at the server?
  • Is "Access-Control-Allow-Origin" header in server response is set securely?
securityweb server
axiosexpress
1.0.2

11 months ago

1.0.1

12 months ago

1.0.0

12 months ago