Skip to content

Security

Song Zhiwen edited this page Mar 28, 2017 · 4 revisions

Security test is done on searching the movie using OWASP ZAP. The result of active scan on the api shows that there are three alerts: X-Frame_options Header Not Set, Web Browser XSS Protection Not Enabled and X-Content-Type-Options Header Missing. These three alerts are specific to the browser instead of the backend API. This shows that the backend API is relatively secure and can prevent basic attacks. The alerts reported by ZAP can be avoided by configuring the browser or any relevant client.

Clone this wiki locally