Search Results
395 total results found
Remediation Steps
Follow the steps below to remediate this finding on Nginx webserver. Obtain a certificate from a trusted CA. For Let's Encrypt, use Certbot:
    sudo apt install certbot python3-certbot-nginx
    sudo certbot --nginx -d yourdomain.com
In nginx.conf, configure: ssl_certif...
Remediation Steps
Follow the steps below to remediate this finding on Apache webserver. Obtain a certificate from a trusted CA. For Let's Encrypt:
    sudo apt install certbot python3-certbot-apache
    sudo certbot --apache -d yourdomain.com
In the Apache SSL VirtualHost, configure: SSLC...
Remediation Steps
Follow the steps below to remediate this finding on Plesk. In the Plesk control panel, navigate to Domains > your domain > SSL/TLS Certificates. Click the Let's Encrypt button to obtain a free trusted certificate, or click Add SSL/TLS Certificate to upload a ce...
Remediation Steps
Follow the steps below to remediate this finding on Microsoft IIS webserver. Renew the certificate before it expires. For certificates from a commercial CA, request a renewal from your CA portal and import the new certificate. In IIS Manager, go to Server Certif...
Remediation Steps
Follow the steps below to remediate this finding on Nginx webserver. If using Let's Encrypt with Certbot, renewal is automatic via a cron job or systemd timer:
    sudo certbot renew --dry-run
If renewal is not automatic, run:
    sudo certbot renew
Reload Nginx after ren...
Remediation Steps
Follow the steps below to remediate this finding on Apache webserver. If using Let's Encrypt with Certbot, renewal is automatic:
    sudo certbot renew --dry-run
For commercial certificates, obtain the renewed certificate and update:
    SSLCertificateFile /path/to/renew...
Remediation Steps
Follow the steps below to remediate this finding on Plesk. In the Plesk control panel, navigate to Domains > your domain > SSL/TLS Certificates. For Let's Encrypt certificates, Plesk renews them automatically. Verify that the auto-renewal task is enabled. For co...
Remediation Steps
Follow the steps below to remediate this finding on Microsoft IIS webserver. Replace the self-signed certificate with one issued by a trusted Certificate Authority. For internal services, deploy a certificate from your internal PKI (Active Directory Certificate...
Remediation Steps
Follow the steps below to remediate this finding on Nginx webserver. Replace the self-signed certificate with a CA-issued certificate. For Let's Encrypt (public-facing sites):
    sudo certbot --nginx -d yourdomain.com
Update nginx.conf to reference the new certifica...
Remediation Steps
Follow the steps below to remediate this finding on Apache webserver. Replace the self-signed certificate with a CA-issued certificate. For Let's Encrypt:
    sudo certbot --apache -d yourdomain.com
Update the Apache SSL VirtualHost configuration to reference the new...
Remediation Steps
Follow the steps below to remediate this finding on Plesk. In the Plesk control panel, navigate to Domains > your domain > SSL/TLS Certificates. Click the Let's Encrypt button to replace the self-signed certificate with a trusted one. Assign the new certificate ...
Remediation Steps
Follow the steps below to remediate this finding on Generic / Developer guidance. Subresource Integrity (SRI) allows browsers to verify that third-party files (scripts, stylesheets) have not been tampered with. For each externally hosted resource, generate a ha...
Remediation Steps
Follow the steps below to remediate this finding on WordPress. Use the wp_enqueue_script() and wp_enqueue_style() functions with a src_integrity parameter, or hook into script_loader_tag to add integrity attributes:
    add_filter('script_loader_tag', function($tag...
Remediation Steps
Follow the steps below to remediate this finding on Joomla. In your template's index.php, add integrity and crossorigin attributes to any third-party <script> or <link> tags that load external resources. For Joomla 4+, use the WebAssetManager to register assets...
Remediation Steps
Follow the steps below to remediate this finding on Drupal. In your module's *.libraries.yml, add the integrity key for external assets:
    my_library:
      js:
        https://cdn.example.com/lib.js:
          type: external
          attributes:
            integrity: sha384-<hash>
            crossorigin: anonymous
Remediation Steps
Follow the steps below to remediate this finding on Microsoft IIS webserver. Audit application responses for Unix timestamps in JSON, HTML, or HTTP headers, and ensure sensitive timestamps (file modification dates, user IDs encoded as timestamps) are not expose...
Remediation Steps
Follow the steps below to remediate this finding on Nginx webserver. To suppress Last-Modified and ETag headers:
    add_header Last-Modified "";
    etag off;
Review application-generated responses and ensure raw Unix timestamps are not returned in API responses unless...
Remediation Steps
Follow the steps below to remediate this finding on Apache webserver. Suppress file-based timestamp headers:
    Header unset Last-Modified
    FileETag None
Review application code that returns raw Unix timestamps in API or HTML responses.
Remediation Steps
Follow the steps below to remediate this finding on WordPress. Disable the Last-Modified and ETag headers if not needed for caching. In functions.php:
    remove_action('wp_head', 'wp_generator');
    add_filter('wp_headers', function($headers) { unset($headers['Last-Mo...
Remediation Steps
Follow the steps below to remediate this finding on Joomla. In Joomla's Global Configuration, disable caching or set the Cache-Control headers appropriately to avoid exposing file modification timestamps. Review template output and component responses for raw U...