Security issues library
Practical guides tied to ExposureGrid scanner families. Use them to interpret findings, plan fixes, and re-verify after changes.
Admin & management interfaces
Management interfaces and admin exposure checklist
Management interfaces and admin exposure checklist: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
WordPress administration surface signal
WordPress administration surface signal: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
phpMyAdmin exposure
phpMyAdmin exposure: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Adminer exposure
Adminer exposure: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Jenkins exposure
Jenkins exposure: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Grafana exposure
Grafana exposure: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Kibana exposure
Kibana exposure: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Spring Actuator env exposure
Spring Actuator env exposure: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Spring Actuator health exposure
Spring Actuator health exposure: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Control panel surface (heuristic)
Control panel surface (heuristic): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Webmail surface (heuristic)
Webmail surface (heuristic): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Admin dashboard surface (heuristic)
Admin dashboard surface (heuristic): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Swagger UI publicly reachable
Swagger UI publicly reachable: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
ReDoc publicly reachable
ReDoc publicly reachable: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
OpenAPI schema publicly reachable
OpenAPI schema publicly reachable: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Health endpoint publicly reachable
Health endpoint publicly reachable: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Metrics endpoint publicly reachable
Metrics endpoint publicly reachable: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Public API documentation
Public API documentation: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
GraphQL interface publicly reachable
GraphQL interface publicly reachable: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Monitoring dashboard surface (heuristic)
Monitoring dashboard surface (heuristic): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Developer console surface (heuristic)
Developer console surface (heuristic): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Admin surface missing MFA (signal)
Admin surface missing MFA (signal): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Admin surface missing rate limits (signal)
Admin surface missing rate limits (signal): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Admin surface indexing signal
Admin surface indexing signal: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Login/admin redirect posture
Login/admin redirect posture: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Login surface heuristic
Login surface heuristic: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Actuator/debug-style endpoints
Actuator/debug-style endpoints: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Authenticated API probe context
Authenticated API probe context: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Secret-like values in bundles
Secret-like values in bundles: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Internal references in bundles
Internal references in bundles: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Unreadable source map
Unreadable source map: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
JavaScript scanner coverage incomplete
JavaScript scanner coverage incomplete: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
API scanner coverage incomplete
API scanner coverage incomplete: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Header-based technology disclosure
Header-based technology disclosure: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Next.js artifacts observable
Next.js artifacts observable: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Nuxt artifacts observable
Nuxt artifacts observable: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Technology fingerprint coverage incomplete
Technology fingerprint coverage incomplete: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Asset inventory & subdomains
Untracked Subdomains
Untracked Subdomains: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Exposed Subdomains
Exposed Subdomains: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Stale Subdomain Records
Stale Subdomain Records: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
New Subdomain Detected
New Subdomain Detected: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Changed Subdomain Detected
Changed Subdomain Detected: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Unresolved Subdomain
Unresolved Subdomain: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Parked Subdomain Risk
Parked Subdomain Risk: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Shadow IT Asset
Shadow IT Asset: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Asset Inventory Gaps
Asset Inventory Gaps: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Unmonitored Assets
Unmonitored Assets: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Unowned Third Party Asset
Unowned Third Party Asset: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Asset Discovery Coverage Limited
Asset Discovery Coverage Limited: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Attack surface overview
Open port exposure
Open port exposure: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Exposed admin interface
Exposed admin interface: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Exposed login portal
Exposed login portal: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Exposed files and directories
Exposed files and directories: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Dangerous paths exposure
Dangerous paths exposure: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Subdomain takeover risk
Subdomain takeover risk: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Dangling CNAME record
Dangling CNAME record: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Public cloud storage exposure
Public cloud storage exposure: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Unprotected S3 bucket
Unprotected S3 bucket: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Origin server exposed
Origin server exposed: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Cookies
Insecure cookie flags
Insecure cookie flags: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Missing HttpOnly on sensitive cookies
Missing HttpOnly on sensitive cookies: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Missing Secure flag on cookies
Missing Secure flag on cookies: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Cookie security best practices
Cookie security best practices: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Missing or invalid SameSite on cookies
Missing or invalid SameSite on cookies: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
SameSite=None without Secure
SameSite=None without Secure: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Cookie Domain scoping risks
Cookie Domain scoping risks: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Cookie Path scoping risks
Cookie Path scoping risks: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Long-lived sensitive session cookies
Long-lived sensitive session cookies: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Cookie prefix violations
Cookie prefix violations: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Host prefix cookie (__Host-) misconfiguration
Host prefix cookie (__Host-) misconfiguration: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
__Secure- cookie misconfiguration
__Secure- cookie misconfiguration: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
JavaScript-readable sensitive cookies
JavaScript-readable sensitive cookies: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CSRF token cookies readable via JavaScript
CSRF token cookies readable via JavaScript: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Duplicate cookie name across scopes
Duplicate cookie name across scopes: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Session cookie hardening checklist
Session cookie hardening checklist: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Sensitive SameSite=None cookies
Sensitive SameSite=None cookies: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Cross-signal correlation
Security Signal Correlation Issues
Security Signal Correlation Issues: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Multi Vector Exposure Risk
Multi Vector Exposure Risk: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Compound Attack Surface Risk
Compound Attack Surface Risk: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Email And Web Risk Correlation
Email And Web Risk Correlation: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DNS And Takeover Risk Correlation
DNS And Takeover Risk Correlation: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Origin And CDN Risk Correlation
Origin And CDN Risk Correlation: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Exposure Regression Detected
Exposure Regression Detected: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Security Posture Drift
Security Posture Drift: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Cross Signal Scan Coverage Limited
Cross Signal Scan Coverage Limited: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CORS
CORS misconfiguration
CORS misconfiguration: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Access-Control-Allow-Origin wildcard risks
Access-Control-Allow-Origin wildcard risks: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CORS with credentials risk
CORS with credentials risk: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CORS vulnerability scenarios
CORS vulnerability scenarios: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CORS Origin reflection
CORS Origin reflection: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Dynamic CORS missing Vary: Origin
Dynamic CORS missing Vary: Origin: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CORS preflight allows overly broad methods
CORS preflight allows overly broad methods: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CORS preflight allows overly broad request headers
CORS preflight allows overly broad request headers: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CORS exposes sensitive response headers
CORS exposes sensitive response headers: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CORS null Origin risk
CORS null Origin risk: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CORS credentialed requests with reflected Origin
CORS credentialed requests with reflected Origin: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CORS preflight misconfiguration or partial coverage
CORS preflight misconfiguration or partial coverage: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
API CORS exposure risk
API CORS exposure risk: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Scan coverage & confidence
TLS scanner coverage incomplete
TLS scanner coverage incomplete: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Port scan coverage limited
Port scan coverage limited: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Scan Coverage Limited
Scan Coverage Limited: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Partial Scan Results
Partial Scan Results: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Scanner Timeout
Scanner Timeout: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Route Probe Failed
Route Probe Failed: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DNS Probe Failed
DNS Probe Failed: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
TLS Probe Failed
TLS Probe Failed: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
HTTP Probe Blocked
HTTP Probe Blocked: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Security Tool Blocked
Security Tool Blocked: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Content Security Policy (CSP)
CSP allows unsafe-inline (scripts/styles)
CSP allows unsafe-inline (scripts/styles): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CSP allows unsafe-eval
CSP allows unsafe-eval: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CSP wildcard or overly broad sources
CSP wildcard or overly broad sources: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CSP missing or weak base-uri
CSP missing or weak base-uri: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CSP missing or loose object-src
CSP missing or loose object-src: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CSP frame-ancestors missing or too broad
CSP frame-ancestors missing or too broad: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CSP only in Report-Only mode
CSP only in Report-Only mode: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CSP missing violation reporting
CSP missing violation reporting: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CSP data:/blob:/scheme sources
CSP data:/blob:/scheme sources: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CSP strict-dynamic / nonce policy pitfalls
CSP strict-dynamic / nonce policy pitfalls: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CSP script policy without nonces/hashes
CSP script policy without nonces/hashes: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CSP connect-src too permissive
CSP connect-src too permissive: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CSP frame-src / child-src too permissive
CSP frame-src / child-src too permissive: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CSP worker-src overly permissive
CSP worker-src overly permissive: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CSP policy generally too permissive
CSP policy generally too permissive: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DNS & email hygiene
Missing DMARC record
Missing DMARC record: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DMARC policy p=none (monitoring only)
DMARC policy p=none (monitoring only): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DMARC alignment or authentication failures
DMARC alignment or authentication failures: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Missing SPF record
Missing SPF record: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Invalid or fragile SPF record
Invalid or fragile SPF record: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DKIM not configured or failing
DKIM not configured or failing: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Email authentication failure (SPF/DKIM/DMARC)
Email authentication failure (SPF/DKIM/DMARC): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DNS governance
Missing CAA records
Missing CAA records: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CAA record misconfiguration (signal)
CAA record misconfiguration (signal): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DNSSEC not enabled (signal)
DNSSEC not enabled (signal): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DNSSEC validation inconclusive
DNSSEC validation inconclusive: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Wildcard DNS risk signal
Wildcard DNS risk signal: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Dangling DNS record
Dangling DNS record: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Inconsistent apex / www DNS
Inconsistent apex / www DNS: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Nameserver or delegation weakness
Nameserver or delegation weakness: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DNS resolution failure
DNS resolution failure: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DNS SERVFAIL observed
DNS SERVFAIL observed: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DNS zone exposure risk signal
DNS zone exposure risk signal: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DNS record sprawl or hygiene issue
DNS record sprawl or hygiene issue: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DNS governance checklist
DNS governance checklist: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DNS posture metadata / inconclusive notes
DNS posture metadata / inconclusive notes: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Dangerous paths & file exposure
Environment file publicly reachable
Environment file publicly reachable: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
.git/config file exposed publicly
.git/config file exposed publicly: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
.git metadata exposure signal
.git metadata exposure signal: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Backup archives publicly reachable
Backup archives publicly reachable: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
SQL/database dumps publicly reachable
SQL/database dumps publicly reachable: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Log files publicly reachable
Log files publicly reachable: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Debug/phpinfo-style endpoints reachable
Debug/phpinfo-style endpoints reachable: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Apache server-status exposure signal
Apache server-status exposure signal: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Server-status page ambiguous visibility
Server-status page ambiguous visibility: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Package manifest files exposed
Package manifest files exposed: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Configuration files reachable
Configuration files reachable: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Test endpoints reachable
Test endpoints reachable: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Staging paths reachable
Staging paths reachable: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Public JavaScript source maps reachable
Public JavaScript source maps reachable: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Public directory listings
Public directory listings: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Public informational file reachable (robots/sitemap/etc.)
Public informational file reachable (robots/sitemap/etc.): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Dangerous path scan coverage incomplete
Dangerous path scan coverage incomplete: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
robots.txt may reveal sensitive locations
robots.txt may reveal sensitive locations: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
sitemap references sensitive URLs
sitemap references sensitive URLs: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
HTTP headers
Missing Content-Security-Policy (CSP)
Missing Content-Security-Policy (CSP): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Content-Security-Policy errors and weak directives
Content-Security-Policy errors and weak directives: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Missing HTTP Strict Transport Security (HSTS)
Missing HTTP Strict Transport Security (HSTS): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
HSTS present but weak or misconfigured
HSTS present but weak or misconfigured: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Missing clickjacking protection (X-Frame-Options / frame-ancestors)
Missing clickjacking protection (X-Frame-Options / frame-ancestors): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Missing X-Content-Type-Options: nosniff
Missing X-Content-Type-Options: nosniff: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Missing or leaky Referrer-Policy
Missing or leaky Referrer-Policy: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Security headers checklist for production sites
Security headers checklist for production sites: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
How to check HTTP security headers
How to check HTTP security headers: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Mail authentication (SPF / DKIM / DMARC)
Missing MX records
Missing MX records: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Unexpected MX record
Unexpected MX record: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
SPF too permissive
SPF too permissive: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
SPF too many lookups (signal)
SPF too many lookups (signal): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
SPF include chain risk
SPF include chain risk: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
SPF softfail posture
SPF softfail posture: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DMARC quarantine posture
DMARC quarantine posture: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DMARC reject posture
DMARC reject posture: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DMARC alignment failures
DMARC alignment failures: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DMARC reporting not configured
DMARC reporting not configured: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DKIM selector missing
DKIM selector missing: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DKIM key too weak
DKIM key too weak: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
DKIM alignment failure
DKIM alignment failure: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Conflicting SPF/DMARC signals
Conflicting SPF/DMARC signals: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Brand / domain spoofing risk (mail signal)
Brand / domain spoofing risk (mail signal): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Weak overall mail authentication posture
Weak overall mail authentication posture: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Origin, CDN & edge
Origin IP Exposed
Origin IP Exposed: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Direct Origin Access
Direct Origin Access: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CDN Bypass Risk
CDN Bypass Risk: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
WAF Bypass Risk
WAF Bypass Risk: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Cloudflare Origin Bypass
Cloudflare Origin Bypass: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Inconsistent CDN Coverage
Inconsistent CDN Coverage: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Missing Origin Firewall
Missing Origin Firewall: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Origin Leaks Through DNS
Origin Leaks Through DNS: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Origin Leaks Through Certificates
Origin Leaks Through Certificates: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Edge Cache Security Risk
Edge Cache Security Risk: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Infrastructure Exposure
Infrastructure Exposure: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Phishing & impersonation signals
Phishing Impersonation Risk
Phishing Impersonation Risk: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Domain Impersonation
Domain Impersonation: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Lookalike Domain Risk
Lookalike Domain Risk: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Typosquatting Risk
Typosquatting Risk: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Homograph Domain Risk
Homograph Domain Risk: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Brand Impersonation Signal
Brand Impersonation Signal: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Mail Domain Impersonation Risk
Mail Domain Impersonation Risk: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Phishing Risk Inconclusive
Phishing Risk Inconclusive: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Phishing Scan Coverage Limited
Phishing Scan Coverage Limited: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Open ports & services
SSH service exposed publicly
SSH service exposed publicly: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Remote Desktop exposed publicly
Remote Desktop exposed publicly: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
VNC exposed publicly
VNC exposed publicly: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
FTP exposed publicly
FTP exposed publicly: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
SMTP exposed publicly
SMTP exposed publicly: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
MySQL exposed publicly
MySQL exposed publicly: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Postgres exposed publicly
Postgres exposed publicly: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Redis exposed publicly
Redis exposed publicly: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
MongoDB exposed publicly
MongoDB exposed publicly: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Elasticsearch API exposed publicly
Elasticsearch API exposed publicly: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Kubernetes API exposed publicly
Kubernetes API exposed publicly: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Docker API exposed publicly
Docker API exposed publicly: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Alternate HTTP ports exposed publicly
Alternate HTTP ports exposed publicly: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
MSSQL exposed publicly
MSSQL exposed publicly: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Oracle listener exposed publicly
Oracle listener exposed publicly: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Unexpected service banners
Unexpected service banners: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Service version fingerprint
Service version fingerprint: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Dev-style HTTP ports exposed publicly
Dev-style HTTP ports exposed publicly: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Remote administration surface exposed
Remote administration surface exposed: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Insecure auxiliary service exposed
Insecure auxiliary service exposed: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Other sensitive protocols exposed (Telnet/SMB/memcached/etc.)
Other sensitive protocols exposed (Telnet/SMB/memcached/etc.): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Docker TLS API exposure
Docker TLS API exposure: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Elasticsearch transport port exposed
Elasticsearch transport port exposed: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Secrets & sensitive signals
Exposed Secrets
Exposed Secrets: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
API Keys Exposed
API Keys Exposed: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Access Token Exposed
Access Token Exposed: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Private Key Exposed
Private Key Exposed: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Database Credentials Exposed
Database Credentials Exposed: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
OAuth Secret Exposed
OAuth Secret Exposed: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Cloud Credentials Exposed
Cloud Credentials Exposed: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Environment Files Exposed
Environment Files Exposed: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Secret Like Value Detected
Secret Like Value Detected: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Secrets Exposure Inconclusive
Secrets Exposure Inconclusive: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Secrets Scan Coverage Limited
Secrets Scan Coverage Limited: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Cloud storage exposure
Public GCS Bucket
Public GCS Bucket: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Public Azure Blob Container
Public Azure Blob Container: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Public Object Storage
Public Object Storage: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Storage Bucket Listing Enabled
Storage Bucket Listing Enabled: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Public Storage Object Index
Public Storage Object Index: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Domain Linked Storage Exposure
Domain Linked Storage Exposure: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Storage Permission Misconfiguration
Storage Permission Misconfiguration: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Storage Sensitive File Risk
Storage Sensitive File Risk: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Storage Exposure Inconclusive
Storage Exposure Inconclusive: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Storage Scan Coverage Limited
Storage Scan Coverage Limited: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Subdomain takeover
Dangling Alias Record
Dangling Alias Record: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Unclaimed Third Party Service
Unclaimed Third Party Service: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Unclaimed Cloud Service
Unclaimed Cloud Service: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Takeover Provider Error Signature
Takeover Provider Error Signature: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Takeover Risk Inconclusive
Takeover Risk Inconclusive: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Takeover Scan Coverage Limited
Takeover Scan Coverage Limited: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
TLS & certificate governance
TLS misconfiguration risks
TLS misconfiguration risks: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Weak SSL/TLS cipher suites
Weak SSL/TLS cipher suites: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Expired SSL/TLS certificate
Expired SSL/TLS certificate: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Certificate renewal and lifecycle (30-day window)
Certificate renewal and lifecycle (30-day window): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Invalid or untrusted SSL certificate
Invalid or untrusted SSL certificate: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
SSL certificate chain incomplete or broken
SSL certificate chain incomplete or broken: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
TLS version too low (legacy protocols)
TLS version too low (legacy protocols): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Certificate hostname mismatch
Certificate hostname mismatch: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Certificate name coverage mismatch (signal)
Certificate name coverage mismatch (signal): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Weak certificate signature hash
Weak certificate signature hash: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
SHA-1 observed in certificate material (signal)
SHA-1 observed in certificate material (signal): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Weak certificate key (signal)
Weak certificate key (signal): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
OCSP stapling not observed
OCSP stapling not observed: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
OCSP / must-staple posture inconclusive
OCSP / must-staple posture inconclusive: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Certificate Transparency indicators inconclusive
Certificate Transparency indicators inconclusive: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Certificate not yet valid
Certificate not yet valid: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Unusual or inconsistent certificate chain depth
Unusual or inconsistent certificate chain depth: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Forward secrecy posture signal
Forward secrecy posture signal: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
CBC / legacy cipher risk signal
CBC / legacy cipher risk signal: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
TLS posture drift versus expectations (signal)
TLS posture drift versus expectations (signal): what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Self-signed certificate observed
Self-signed certificate observed: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Certificate revocation status failure
Certificate revocation status failure: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
HTTP transport & redirects
HTTP does not redirect to HTTPS
HTTP does not redirect to HTTPS: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Cleartext HTTP access without upgrade
Cleartext HTTP access without upgrade: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
HTTPS redirect loop detected
HTTPS redirect loop detected: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Inconsistent HTTP/HTTPS posture
Inconsistent HTTP/HTTPS posture: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Apex / www canonical mismatch
Apex / www canonical mismatch: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Mixed content posture risk
Mixed content posture risk: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Long redirect chain risk
Long redirect chain risk: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Redirects toward a different hostname
Redirects toward a different hostname: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Transport-layer security inconsistencies
Transport-layer security inconsistencies: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.
Scanner tools
Run a private scan
Start from your domain — results stay tied to your account and plan-appropriate coverage.
