VAPT issue
1. Host Header Injection Attack,
2. Improper CSRF token implementation,
3. Disclosing server version
On upgrading OutSystems to the new version, most of the security concerns are resolved, and the rest from CSP in LifeTime.
Thanks @Prashant
Hi Prashant
Your question is not enough to explain what you are looking for. I'm presuming that you are facing security-related issues in the application and want to resolve those. Please refer to this document on security, where you can find a suitable solution - https://success.outsystems.com/Support/Security
Thanks
Web Application is vulnerable to Host Header Injection Attack
An attacker can modify the legitimate Host header with a wrong host in the request, and poison the cache of the web application server as well as the proxy. When an authorized user tries to access the host, the cache of the web server is poisoned with the attacker's domain, which redirects the user to the attacker's domain.
Like:
# instead of
GET /TestABC HTTP/1.1
Host: xyz.com
# they would use a modified Host header in the request, reflecting the new host value.
GET http://good.name.com/TestABC HTTP/1.1
Host: evil.com
Have you got a solution for this?
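
One way to reject the spoofed request shown above before the application or a cache acts on it. This is an added example, not part of the thread and not OutSystems code. The allow-list contents and the function names are assumptions, and the check goes slightly beyond the thread's case by also rejecting missing or repeated Host headers.

```python
from urllib.parse import urlsplit

# Assumption: the host names this application is meant to serve.
ALLOWED_HOSTS = {"xyz.com", "good.name.com"}

def normalize(host):
    """Lower-case a Host value, drop an optional :port and a trailing dot."""
    host = host.strip().lower()
    if host.startswith("["):                 # IPv6 literal such as [::1]:8080
        return host.split("]")[0] + "]"
    return host.split(":")[0].rstrip(".")

def validate_request(raw, allowed=ALLOWED_HOSTS):
    """Return (status, detail) for the head of a raw HTTP/1.1 request."""
    lines = raw.replace("\r\n", "\n").split("\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return 400, "malformed request line"
    target = parts[1]
    hosts = []
    for line in lines[1:]:
        if not line:                         # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if not sep:
            return 400, "malformed header line"
        if name.strip().lower() == "host":
            hosts.append(value)
    # Zero or repeated Host headers are ambiguous: reject, never pick one.
    if len(hosts) != 1:
        return 400, "expected exactly one Host header"
    host = normalize(hosts[0])
    # Absolute-form target (second request in the thread): the host in the
    # request line and the Host header must agree.
    if target.lower().startswith(("http://", "https://")):
        if normalize(urlsplit(target).netloc) != host:
            return 400, "Host header does not match request target"
    if host not in allowed:
        return 400, "host not in allow-list"
    return 200, host

if __name__ == "__main__":
    # Constructed sample requests modelled on the two in the thread.
    samples = [
        "GET /TestABC HTTP/1.1\r\nHost: xyz.com\r\n\r\n",
        "GET http://good.name.com/TestABC HTTP/1.1\r\nHost: evil.com\r\n\r\n",
    ]
    for s in samples:
        print(validate_request(s))
```

The same rule belongs at the outermost component that terminates HTTP (reverse proxy or web server), so that a cache in front of the application never stores a response keyed on an unvalidated host.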