yellowbellys, Posted March 6, 2015

I have received the following fails from TrustWave's business vulnerability scan:

I have asked my hosting provider and they have said:

Quote: Most of the vulnerabilities relate to you not using SSL. It appears your application, when you visit the SSL version of your site, redirects to the non SSL version. You most likely need to change settings from the admin side of your application to force SSL. The other one is a cross site scripting vulnerability; you'd need to contact the makers of the software about that one, it has nothing to do with our servers.

and

Quote: The cross site scripting vulnerability would be an application issue. The SSL issues would be as well; it's up to your application to make sure SSL is forced and used in the right spots, and it seems like it's not, based on the report.

Is there any way I can fix these faults?

bellini13, Posted March 6, 2015

Start by showing us what the faults are...

yellowbellys (Author), Posted March 6, 2015

Reflected Cross-Site Scripting (XSS) Vulnerability
Web Application Transmits Login Credentials Without Encryption
Unencrypted Communication Channel Accessibility

Those are the fails I am given. They are in the image above.

yellowbellys (Author), Posted March 6, 2015

I have no more information than this.

bellini13, Posted March 6, 2015

Unfortunately, that information is too vague and general. Not much I can do to help.

yellowbellys (Author), Posted March 10, 2015

On 3/6/2015 at 5:22 PM, bellini13 said: Unfortunately, that information is too vague and general. Not much I can do to help.

What, this is too vague:

Quote: Most of the vulnerabilities relate to you not using SSL. It appears your application, when you visit the SSL version of your site, redirects to the non SSL version. You most likely need to change settings from the admin side of your application to force SSL. The other one is a cross site scripting vulnerability; you'd need to contact the makers of the software about that one, it has nothing to do with our servers.

and

Quote: The cross site scripting vulnerability would be an application issue. The SSL issues would be as well; it's up to your application to make sure SSL is forced and used in the right spots, and it seems like it's not, based on the report.

That was the information I was given; what is vague about this?