You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Song Zhiwen edited this page Mar 28, 2017
·
4 revisions
Security test is done on searching the movie using OWASP ZAP. The result of active scan on the api shows that there are three alerts: X-Frame_options Header Not Set, Web Browser XSS Protection Not Enabled and X-Content-Type-Options Header Missing. These three alerts are specific to the browser instead of the backend API. This shows that the backend API is relatively secure and can prevent basic attacks. The alerts reported by ZAP can be avoided by configuring the browser or any relevant client.