We have a project that has a security report and needs correction.
The findings were identified by the security rating agency BitSight.
The client domain in this text has been changed to "[login to view URL]" for privacy reasons; we will give the correct domain to the chosen freelancer.
Risk Vector,Finding Identifier,Attributed To,Details,Remediation Instructions,Comments,Destination Port,Certificate Issuer,Certificate Subject,Certificate Subject Alternate,Certificate Serial Number,Observed IPs,Belongs to service provider?,Diffie-Hellman Prime Name,Diffie-Hellman Prime Length,Diffie-Hellman Prime,Product,Transport Method,Final Location,Cache-Control,Content-Security-Policy,X-Content-Type-Options,Strict-Transport-Security
Web Application Headers,[login to view URL],MEAG Munich Ergo Asset Management GmbH,Ineffective headers: Set-Cookie
SSL Configurations,[login to view URL],MEAG Munich Ergo Asset Management GmbH,Diffie-Hellman prime is very commonly used and is not safe,"(Diffie-Hellman prime is very commonly used and is not safe) A common Diffie-Hellman prime indicates poor server-side TLS configuration
Web Application Headers,[login to view URL],MEAG Munich Ergo Asset Management GmbH,Missing required headers,"(Missing required headers) One or more required security headers are not set. - Ensure your policy correctly implements the required headers. Refer to the <a target=""new"" href=""[login to view URL]"">list of required headers</a>.",,80,,,,,[login to view URL][85.XX.135.129]:80,,,,,,,[login to view URL],No Issues,Missing required headers,Missing required headers,No Issues
Web Application Headers,[login to view URL],MEAG Munich Ergo Asset Management GmbH,Ineffective headers: Set-Cookie
SSL Configurations,[login to view URL],MEAG Munich Ergo Asset Management GmbH,Diffie-Hellman prime is very commonly used and is not safe,"(Diffie-Hellman prime is very commonly used and is not safe) A common Diffie-Hellman prime indicates poor server-side TLS configuration