One vulnerability, Cross Frame Scripting, was found in my application.
I fixed this issue by adding <% response.addHeader("X-Frame-Options", "SAMEORIGIN"); %> in all
JSP pages, but this vulnerability is still in my application when the application is scanned.
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="Content-Type" content="text/html; charset=UTF-8">
<TITLE>Untitled</TITLE>
<% response.addHeader("X-Frame-Options", "SAMEORIGIN"); %>
</HEAD>
I tested this by creating a
test page containing an HTML iframe tag whose src attribute is set to
http://usa0300uz1345.apps.mc.xerox.com:10503/NGC/ (for example, this is my application URL).
The page displayed "this content cannot be displayed in a iframe". This is working as expected, but this vulnerability is still in the application.
Is there any other way we can test whether this Cross Frame vulnerability is still present in the application or not?
Please help me on this.
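
An added example, not part of the original post and not code from the application: a Python check that classifies the anti-framing headers of each captured response, so that responses other than the one page loaded in the test iframe can be compared. The sample responses are constructed, the paths other than /NGC/ are hypothetical, and the Content-Security-Policy frame-ancestors check goes beyond the X-Frame-Options header the post uses.

```python
# Added example: judge anti-framing protection per response from raw header text.
# Sample responses are constructed; paths other than /NGC/ are hypothetical.
VALID_XFO = {"DENY", "SAMEORIGIN"}

def parse_headers(raw):
    """Return [(lowercased name, value)] from a raw response head, keeping duplicates."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                                # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def has_frame_ancestors(csp):
    """True if a Content-Security-Policy value carries a frame-ancestors directive."""
    return any(d.split()[:1] == ["frame-ancestors"] for d in csp.lower().split(";"))

def framing_verdict(raw):
    """Classify one response: protected, protected-csp, missing, conflicting or invalid."""
    headers = parse_headers(raw)
    if any(has_frame_ancestors(v) for n, v in headers if n == "content-security-policy"):
        return "protected-csp"
    # Repeated header lines are equivalent to one comma-joined value, so pool the tokens.
    tokens = {t.strip().upper() for n, v in headers if n == "x-frame-options"
              for t in v.split(",") if t.strip()}
    if not tokens:
        return "missing"
    if len(tokens) > 1:
        return "conflicting"                     # review: more than one distinct value sent
    return "protected" if tokens <= VALID_XFO else "invalid"

SAMPLES = {
    "/NGC/": "HTTP/1.1 200 OK\nContent-Type: text/html\nX-Frame-Options: SAMEORIGIN\n\n",
    "/NGC/help.html": "HTTP/1.1 200 OK\nContent-Type: text/html\n\n",
    "/NGC/missing": 'HTTP/1.1 404 Not Found\nContent-Type: text/html\n\n<meta http-equiv="X-Frame-Options" content="SAMEORIGIN">\n',
    "/NGC/twice": "HTTP/1.1 200 OK\nX-Frame-Options: SAMEORIGIN\nX-Frame-Options: DENY\n\n",
    "/NGC/csp": "HTTP/1.1 200 OK\nContent-Security-Policy: default-src 'self'; frame-ancestors 'self'\n\n",
}

def audit(samples):
    """Map each path to its framing verdict."""
    return {path: framing_verdict(raw) for path, raw in samples.items()}

if __name__ == "__main__":
    for path, verdict in audit(SAMPLES).items():
        print(f"{verdict:13} {path}")
```

The 404 sample carries X-Frame-Options only in a META tag in the body, which the check reports as missing because the value is honoured only as an HTTP response header.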