Keredari - Developer's Blog

 Typically server have 2 response headers in Apache2 which you want to remove for security reason. ServerSignature - used to configure a footer line under the server-generated documents.  ServerTokens - controls the details which the server sends. The details can include OS and other complied modules. Implementation Procedure in Apache2 Run this command sudo nano /etc/apache2/conf-enabled/security.conf Within that file, search for SeverTokens and set it to Prod Then search for ServerSignature and set it to Off Save and close that file. Restart Apache with the command sudo systemctl restart apache2

 This is a new security feature introduced by Microsoft in IE 6 SP1 to mitigate the possibility of a successful Cross-Site scripting attack by not allowing cookies with the HTTP only attribute to be accessed via client-side scripts. We can mitigate most common XSS attacks in our web application using HttpOnly and Secure flag with cookie. Implementation Procedure in Apache2 Ensure that mod_headers.so are enabled in Apache HTTP server Add below line in httpd.conf            Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure Restart Apache HTTP server to test ( sudo systemctl restart apache2 ) Note: You can check either leverage the browser’s inbuilt developer tools to check the response header or use an online tool .

 A Cross-Frame Scripting (XFS) vulnerability can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page.       The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering, or Cross-Site Request Forgery attacks. To defend Clickjacking attack on Apache web server, we can use X-FRAME-OPTIONS to avoid web application being hacked from Clickjacking attack. Browser vendors have introduced and adopted a policy-based mitigation technique using the X-FrameOptions header. Developers can use this header to instruct the browser about appropriate actions to perform if their site is included inside an iframe.  Developers must set the X-Frame-Options header to one of the following permitted values: ·  DENY: - Deny all attempts to frame the page ·  SAMEORIGIN: -The page can be framed by another page only if it belongs to the same origin as the page being f...

 Some time we face a common problem with select2  if select2 library added to all pages and js function too but selection did not exist or was not loaded. So we can fix that issue using below method: Make sure $("#selector") is exists or not. if ( $("#selector").length > 0 ){     //Check selection      $("#selector").select2();     // Call select 2 }