Issue Types
- Address score-impacting CVEs in your Scorecard
- Park domains properly and keep them secure
- Multiple assets shown in observations for 'SSL/TLS' issue types for a single finding
- The usage of hxxp/hxxps next to some links in Platform and API
- DNS Server Accessible
- Telephony/VoIP Device Accessible
- Website References Object Storage
- All CVSS v3 Issue types have a Low Severity despite of their Criticality
- SSL/TLS Service Supports Weak Protocol
- Domain advertised as ransomware victim
- Learn about decayed issue findings
- Algorithms currently flagged in Certificate signed with weak algorithm issue type
- Why did SecurityScorecard not find a CVE issue for my software or service?
- Are information leak findings resolved if the leak source is seized by the FBI?
- Content security policy contains broad directives
- Low-, medium-, and high-severity patching cadences analyzed
- FAQ about the Log4j vulnerability
- Download more than 500 findings per issue
- Separate your outbound NAT to prevent issues with guest wireless traffic
- Resolving Malware Findings
- Issue Resolution for Exposed Subdomain
- Website Does Not Implement HSTS Best Practices
- Why are Issue findings duplicated?
- Insecure HTTPS redirect pattern
- Issues reported belong to assets not owned by our organization (misattribution)
- How to validate a Content Security Policy (CSP)
- Session cookie missing 'HttpOnly' flag
- Session cookie missing 'Secure' attribute
- Attack detected
- Outdated Operating System Observed