Setup-PTest

HTTP Strict Transport Security (HSTS) Policy Not Enabled

1.1. SeThe ~~adiciona~~header lais ~~cabecera~~added ato ~~las~~the ~~respuestas~~responses ~~desde~~from elthe ~~server~~ server.

YAnd seit ~~puede~~can ~~evidenciar~~be enevidenced lain ~~respuesta~~the ~~del~~site's ~~sitio:~~response:

Vulnerable JavaScript Libraries

2.1. SeJquery ~~actualiza~~library laupgraded ~~librería~~to ~~Jquery~~the alatest ~~la última versión~~ version

yand sethe ~~actualizan~~references ~~las~~are ~~referencias~~updated enin elthe ~~código~~code ~~como~~as seevidenced ~~evidencia~~by enthe lapage ~~carga de la página~~ loading

Cookies Not Marked as Secure

3.1. EnIn ~~la etiqueta~~the Forms setag, ~~adiciona~~the ~~el atributo~~attribute requireSSL=true yis seadded ~~adiciona~~and ~~la etiqueta~~the httpCookies tag is added.

YAnd enon elthe ~~sitio~~site seit ~~puede~~can ~~evidenciar~~be ~~que~~seen ~~ahora~~that ~~todas~~now ~~las~~all cookies ~~están~~are ~~marcadas~~marked ~~como~~as ~~secure~~secure.

Content Security Policy (CSP) Not Implemented

4.1. SeThe ~~adiciona~~CSP elis ~~CSP~~added ~~mediante~~through elthe ~~código~~ code

YAnd seit ~~evidencia~~is enevident ~~los~~in ~~header~~the ~~del~~site ~~sitio~~headers

~~Además~~In seaddition, ~~instala~~the elGoogle CSP validator deis ~~Google~~installed, yand sea ~~obtiene~~positive ~~resultado~~result ~~positivo~~is enobtained elon ~~sitio~~the site.

Information Disclosure

5.1. SeThe ~~adicionan los siguientes~~following tags yand ~~atributos~~tag deattributes ~~tags~~are ~~para~~added ~~poder~~to ~~ocultar~~hide ~~los~~the header ~~con~~with ~~información~~server ~~del~~and ~~servidor~~code ~~y el código~~ information

YAnd ~~como~~as secan ~~evidencia~~be enseen ~~las~~in ~~cabeceras~~the deresponse ~~respuesta~~headers yathere are no ~~existen~~longer ~~las~~headers ~~cabeceras~~with ~~con~~server ~~datos~~data ~~de servidor y versiones de~~and framework versions.

~~Para~~To ~~controlar~~control elaccess ~~acceso~~to althe ~~changelog~~changelog, seaccess ~~hace~~is ~~mediante~~controlled ~~código~~by the following code

And

you

can

see

not

Ypossible ~~como~~to seaccess ~~evidencia~~without nologging ~~se puede acceder sin iniciar sesión~~in.