gracesoft
 asked on

PCI - Web Application Potentially Vulnerable to Clickjacking 443 / tcp / www

Hello Experts,
Thanks for the assistance so far.

Please help us resolve these vulnerabilities for compliance.

Our application is developed in classic ASP and partially in ASP.NET; we use SQL Server 2012 and IIS 8.0.

Web Application Potentially Vulnerable to Clickjacking 443 / tcp / www

Web Application Potentially Vulnerable to Clickjacking 80 / tcp / www

SSL Certificate Expiry 443 / tcp / www  - We get this error even when we have an active SSL certificate.


8/22/2022 - Mon
Dan McFadden

Can you provide a URL or something to review?

Are you running some sort of security scan against your web app?

In general, one of the easiest things to do is to add an HTTP response header to the website's configuration. The header is called X-Frame-Options, and you can add it to the site through the IIS Manager. It requires no code change, only a configuration change at the IIS or web site level.

Link:  https://support.microsoft.com/en-us/kb/2694329

I recommend doing this at the Server scope level since it will propagate down to all sites hosted on the web server.  If necessary, you could remove the header at the web site level if it is deemed as not required for the operation of a specific site.

Reference link:  https://en.wikipedia.org/wiki/Clickjacking

Dan
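
A header check for confirming that the X-Frame-Options change took effect on both listeners the scan reported (80 and 443), as an added example that is not part of the original thread. The function names and sample headers are constructed for illustration, and accepting CSP `frame-ancestors` as an equivalent control is an assumption beyond what the thread states.

```python
# Added example: classify the anti-framing headers of an HTTP response.
VALID_XFO = {"DENY", "SAMEORIGIN"}

def framing_protection(headers):
    """Return (protected, reason) for a list of (name, value) header pairs."""
    xfo, csp = [], []
    for name, value in headers:
        key = name.strip().lower()
        if key == "x-frame-options":
            # A repeated header and a comma-joined value are equivalent.
            xfo += [t.strip().upper() for t in value.split(",") if t.strip()]
        elif key == "content-security-policy":
            csp += [d.split() for d in value.lower().split(";") if d.strip()]
    # Assumption: CSP frame-ancestors is accepted as an equivalent control.
    for directive in csp:
        if directive[0] == "frame-ancestors":
            if "*" in directive[1:]:
                return False, "CSP frame-ancestors allows any origin"
            return True, "CSP frame-ancestors present"
    if not xfo:
        return False, "no X-Frame-Options or CSP frame-ancestors"
    if len(set(xfo)) > 1:
        return False, "conflicting X-Frame-Options values: " + ", ".join(xfo)
    if xfo[0] in VALID_XFO:
        return True, "X-Frame-Options: " + xfo[0]
    if xfo[0].startswith("ALLOW-FROM"):
        return False, "ALLOW-FROM is obsolete and not honoured by current browsers"
    return False, "unrecognised X-Frame-Options value: " + xfo[0]

# Constructed sample: header set on the HTTPS site only, port 80 still bare.
SAMPLE = {
    "80/tcp": [("Server", "Microsoft-IIS/8.0"), ("Content-Type", "text/html")],
    "443/tcp": [("Server", "Microsoft-IIS/8.0"), ("X-Frame-Options", "SAMEORIGIN")],
}

def audit(responses):
    """Map each listener to its (protected, reason) verdict."""
    return {port: framing_protection(h) for port, h in responses.items()}

if __name__ == "__main__":
    for port, (ok, why) in audit(SAMPLE).items():
        print(f"{port}: {'OK' if ok else 'FLAG'} - {why}")
```

To run it against a live server, pass the list returned by `getheaders()` on an `http.client` response for each port.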
ASKER CERTIFIED SOLUTION
btan

gracesoft

ASKER
Thanks. We will try X-Frame and revert.
Big Monty

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.