The Nikto scanner and Microsoft IIS.

WindowsGeek 21 Reputation points
2021-10-04T12:32:31.187+00:00

Hello,
I scanned my website with the Nikto scanner and it showed me the following information:

+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.  
+ The site uses SSL and Expect-CT header is not present.  
+ All CGI directories 'found', use '-C none' to test none  
+ Cookie .ASPXANONYMOUS created without the secure flag  

In the HTTP Response Headers, I defined the following parameters:

[screenshot: 137378-response-headers.png]

Which parameters must be added to solve those security vulnerabilities?

Thank you.

Internet Information Services

1 answer

  1. WindowsGeek 21 Reputation points
    2021-10-13T11:00:02.817+00:00

    Hello,
    To solve the Cookie Session Without 'Secure' Flag vulnerability, I found this tutorial. In the <system.web> element, I have the following line:

    <httpCookies httpOnlyCookies="true" requireSSL="true" domain="String" />

    But why did the problem exist?

    Thank you.
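The three header findings in the question can be re-checked against a captured response after changing web.config; the script below is an added example (not Nikto's code and not from the post), and SAMPLE_RESPONSE is a constructed IIS response, not the asker's real one.

```python
# Added example: reproduce the header checks behind the Nikto findings above
# (missing Strict-Transport-Security, missing Expect-CT, Set-Cookie without
# the Secure flag) on a raw HTTP response, so a web.config fix can be verified.
from typing import List, Tuple

# Constructed sample response; .ASPXANONYMOUS lacks Secure, the session cookie has it.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/10.0\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Set-Cookie: .ASPXANONYMOUS=abc123; expires=Fri, 10-Dec-2021 00:00:00 GMT; path=/; HttpOnly\r\n"
    "Set-Cookie: ASP.NET_SessionId=xyz789; path=/; HttpOnly; Secure\r\n"
    "\r\n"
)

def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Return (name, value) pairs from the header block, names lower-cased.
    A list, not a dict, because Set-Cookie legitimately repeats."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw: str, over_tls: bool = True) -> List[str]:
    """Findings for one response; HSTS/Expect-CT/Secure only matter over TLS."""
    headers = parse_headers(raw)
    names = {n for n, _ in headers}
    findings = []
    if over_tls and "strict-transport-security" not in names:
        findings.append("HSTS header missing")
    if over_tls and "expect-ct" not in names:
        findings.append("Expect-CT header missing")
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie = parts[0].split("=", 1)[0]
        attrs = {p.lower() for p in parts[1:]}  # attribute names are case-insensitive
        if over_tls and "secure" not in attrs:
            findings.append(f"cookie {cookie} set without Secure flag")
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie} set without HttpOnly flag")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSE):
        print("+", finding)
```

Expect-CT has since been deprecated by browsers, so the HSTS and Secure-flag findings are the ones worth acting on; re-run the audit on a fresh capture after each configuration change rather than trusting the config file alone.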