We have done VAPT on our GlobalProtect URL link and identified 3 VAs. Kindly check and help resolve this at the earliest.

1) Absence of CSRF tokens :- No Anti-CSRF tokens were found in an HTML submission form. A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

2) Missing Secure flag attribute in the encrypted session (SSL) cookie :- The session cookie does not have the "Secure" attribute. The Secure attribute tells the browser to only use this cookie via secure/encrypted connections. This measure makes certain client-side attacks, such as cross-site scripting, slightly harder to exploit by preventing them from trivially capturing the cookie's value via an injected script.

3) Referrer-Policy header is not implemented :- It was observed that Referrer-Policy is not implemented in the response header. Referrer-Policy is a security header designed to prevent cross-domain referrer leakage.

Also, the VAPT team has provided the following links for the 3 vulnerabilities:

1) http://projects.webappsec.org/Cross-Site-Request-Forgery
http://cwe.mitre.org/data/definitions/352.html

2) https://www.paladion.net/blogs/cookie-attributes-and-their-importance
https://www.maravis.com/protecting-web-application-cookies-by-restricting-scope/

3) https://scotthelme.co.uk/a-new-security-header-referrer-policy/
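To reproduce the three findings yourself (and to confirm a fix once the portal is reconfigured), the following added example, which is not part of the original post or of any vendor tooling, audits a raw HTTP response for a Set-Cookie without the Secure attribute, a missing Referrer-Policy header, and POST forms with no hidden anti-CSRF field. The sample response is constructed; the function and header names are the example's own choices.

```python
import re
# Constructed sample: a login page response exhibiting all three findings.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: lang=en; Path=/; Secure\r\n"
    "\r\n"
    '<html><body><form method="POST" action="/login">'
    '<input name="user"><input name="pass" type="password">'
    "</form></body></html>"
)

def split_response(raw):
    """Return ({lowercased header name: [values]}, body) from a raw response."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body

def cookies_missing_secure(headers):
    """Names of cookies set without the Secure attribute (finding 2)."""
    missing = []
    for cookie in headers.get("set-cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        if "secure" not in [a.lower() for a in parts[1:]]:
            missing.append(parts[0].split("=", 1)[0])
    return missing

def referrer_policy_present(headers):
    """True if any Referrer-Policy header is sent (finding 3)."""
    return bool(headers.get("referrer-policy"))

def _attrs(tag_text):
    """Parse name="value" pairs from one tag's text; attribute names lowercased."""
    return {k.lower(): v for k, v in re.findall(r'([\w-]+)\s*=\s*"([^"]*)"', tag_text)}

def forms_missing_csrf_token(body):
    """Actions of POST forms with no hidden anti-CSRF input (finding 1); regex scan."""
    missing = []
    for form_tag, inner in re.findall(r"<form\b([^>]*)>(.*?)</form>", body, re.I | re.S):
        form = _attrs(form_tag)
        if form.get("method", "get").lower() != "post":
            continue  # GET forms should not change state, so they are not flagged
        inputs = [_attrs(t) for t in re.findall(r"<input\b[^>]*>", inner, re.I)]
        has_token = any(i.get("type", "").lower() == "hidden"
                        and re.search(r"csrf|token", i.get("name", ""), re.I) for i in inputs)
        if not has_token:
            missing.append(form.get("action", ""))
    return missing
```

Feed it the raw response captured from the portal (for example from a proxy or curl -i) both before and after the change; all three checks should come back clean once the Secure attribute, the Referrer-Policy header and a per-session hidden token are in place.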