LAB ASSESSMENT 6
NAME: Prashna Thapa
REG NO: 20BCE2750
1. Define Vulnerability Analysis
A vulnerability analysis is a review that focuses on security-relevant issues that either
moderately or severely impact the security of the product or system.
2. Utilize the given weblink,
https://observatory.mozilla.org/analyze/securitytrails.com
a) Prepare the HTTP Observatory Report.
Vulnerability Analysis:
Content Security Policy (CSP) implemented unsafely.
This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as https:
inside object-src or script-src, or not restricting the sources for object-src or script-src.
The policy blocks execution of inline JavaScript, plug-ins, and inline styles; restricts use of
the <base> tag and the submission of <form> contents; and denies by default using default-src 'none'.
A stronger and more compatible content security policy can be used.
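The unsafe patterns listed above can be checked mechanically against a Content-Security-Policy header value. The following is an added example, not part of the original report or of the Observatory's own code; the function names, the set of sources treated as overly broad, and the sample policies are assumptions made for illustration.

```python
# Added example: audits a Content-Security-Policy value for the weaknesses named above.
BROAD = {"*", "http:", "https:"}  # wildcard or scheme-only sources (assumed set)
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_csp(value):
    """Return {directive: [sources]}; a repeated directive is ignored, as browsers do."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy

def audit_csp(value):
    """Return a list of (directive, problem) pairs for script-src and object-src."""
    policy = parse_csp(value)
    findings = []
    for directive in ("script-src", "object-src"):
        # A missing directive inherits from default-src; with neither, nothing is restricted.
        sources = policy.get(directive, policy.get("default-src"))
        if sources is None:
            findings.append((directive, "sources not restricted"))
            continue
        if directive == "script-src":
            # Browsers ignore 'unsafe-inline' when a nonce or hash is also present.
            strict = any(s.startswith(NONCE_OR_HASH) for s in sources)
            if "'unsafe-inline'" in sources and not strict:
                findings.append((directive, "'unsafe-inline'"))
            if "data:" in sources:
                findings.append((directive, "data:"))
        for s in sources:
            if s in BROAD:
                findings.append((directive, f"overly broad source {s}"))
    return findings

# Constructed sample policies, not taken from any real site's report.
WEAK = "default-src https:; script-src 'self' 'unsafe-inline' data: https:"
STRICT = "default-src 'none'; script-src 'self'; base-uri 'none'; form-action 'self'"

if __name__ == "__main__":
    for name, value in (("weak", WEAK), ("strict", STRICT)):
        print(name, audit_csp(value) or "no findings")
```

In the weak policy, object-src is flagged even though it is never written out, because it inherits `https:` from default-src.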
b. Prepare TLS Observatory Report: