I receive that there is an insecure cache control header issue for the following response:
HTTP/1.1 200 OK
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Id #5815 | Release:
| Updated: Aug 19, 2013 at 10:35 PM by chrisweber | Created: Aug 18, 2013 at 10:48 AM by webberonline
Id #5814 | Release:
| Updated: Aug 1, 2013 at 9:40 PM by chrisweber | Created: Aug 1, 2013 at 9:10 PM by rprice
Comments containing eval() should be ignored.
// item A: restricted from using eval() function
// eval("window." + i.toString().toUpperCase() + " = " + n++);
//tt_op = (document.defaultView &...
Id #5813 | Release:
| Updated: Dec 13, 2010 at 5:39 PM by chrisweber | Created: Dec 13, 2010 at 5:39 PM by chrisweber
Dump the contents of all JSON arrays, or just flag that a ton of data is being pushed down but not displayed
List all hidden or disabled fields
Collect all cookies
Flag cookies that might be used ...
Id #5810 | Release:
| Updated: Nov 9, 2010 at 10:20 PM by chrisweber | Created: Nov 9, 2010 at 10:20 PM by chrisweber
The Results should be available in both a list view (currently working) and a tree-view. A toggle button/switch should be available to switch between the two.
Tree-view results should organize th...
Id #5808 | Release:
| Updated: Nov 9, 2010 at 8:12 PM by chrisweber | Created: Nov 9, 2010 at 8:04 PM by
The check would see if the Content-Disposition header exists in the response and verify that the 'X-Download-Options: noopen' header is present.
Id #4268 | Release:
| Updated: Apr 3, 2014 at 8:21 PM by ericlaw1979 | Created: Apr 13, 2010 at 7:02 PM by chrisweber
After unzipping a .XAP file, review the .XAML manifest file's 'deployment' section for an attribute and value:
When the attribute is set to Script...
Id #3855 | Release:
| Updated: Jan 18, 2010 at 7:40 AM by chrisweber | Created: Jan 18, 2010 at 7:40 AM by chrisweber
XAP's follow the ZIP file format? Include a Utility class for decompressing XAP. Reference for unzipping XAP:
Id #3853 | Release:
| Updated: Jan 18, 2010 at 7:21 AM by chrisweber | Created: Jan 18, 2010 at 7:16 AM by chrisweber
Research CWE ID's that Watcher has checks for, and providing that mapping ID in the 'standards compliance' column for each check.
Id #3852 | Release:
| Updated: Jan 17, 2010 at 9:21 PM by chrisweber | Created: Jan 17, 2010 at 9:21 PM by chrisweber
The watcher_exceptions.txt file cannot be created on Vista or Windows 7 systems if Watcher was installed to the 'Program Files' directory. This directory requires administrative permissions to wri...
Id #3839 | Release:
| Updated: Feb 17, 2014 at 2:03 PM by elamid | Created: Jan 15, 2010 at 10:23 PM by chrisweber