I published the following diary on isc.sans.org: “HTTP Headers… the Achilles’ heel of many applications”. When browsing a target web application, a pentester is looking for all “entry” or “injection” points present in the pages. Everybody knows that a static website with pure HTML code is less juicy compared to a
