src/pentesting-web/cache-deception/README.md
Lines changed: 0 additions & 10 deletions
@@ -376,16 +376,6 @@ Validation checklist
376
376
- Confirm the authenticated header is present on the retargeted request (e.g., in a proxy or via server-side logs) and that the CDN caches the response under the traversed path.
377
377
- From a fresh context (no auth), request the same path and confirm the secret JSON is served from cache.
378
378
379
-
Impact
380
-
381
-
- Disclosure of bearer token or sensitive JSON for the authenticated user, enabling Account Takeover until expiry/rotation.
382
-
383
-
Mitigations
384
-
385
-
- Client: Normalize/validate path parameters used inside URL paths; reject /, .. and their encodings. Prefer strict routing helpers over string concatenation.
386
-
- Edge/CDN: Disable extension-based overrides for API paths; enforce no-store for sensitive endpoints at the edge; use strict cache keys that vary on Authorization and custom auth headers; segregate static content and APIs on separate hostnames with different caching policies.
387
-
- Auth: Avoid returning bearer tokens in cacheable contexts; scope tokens tightly and minimize TTL; rotate on use/suspicious access.
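Review bot: Dropping the Impact and Mitigations sections (old lines 379 to 387) leaves the Validation checklist above with no remediation guidance, and nothing in the hunk replaces them or points to where they went. If the content is being relocated, add a one-line cross-reference in its place; otherwise keep at least the Mitigations bullets, because the edge controls they describe (enforcing no-store on sensitive endpoints, cache keys that vary on Authorization and custom auth headers, separate hostnames for static content and APIs) are the direct counterpart of the two checklist items that remain as context. Separately, the header counts 16 old lines against 6 new, i.e. 10 deletions, but only nine removed lines (379 to 387) are visible in the rendered view; confirm the tenth is only the trailing blank separator and not the opening line of the following section.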