Host Header Injection
CWE-644: Improper Neutralization of HTTP Headers
Where do we need to look?
Reset password Functionality
Signup
Confirmation Token
How To Mitigate This Type Of Issue:
· Validate the headers supplied in the request: configure the server so that only the expected Host values are accepted and a bad actor cannot control the host used to build links.
· Also use multi-factor authentication to prevent account hijacking; one such method is SMS authentication.
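The reset-password case above, shown as an added example (not code from this page): a link builder that trusts the request's Host header next to one that checks the host against a configured allow-list. The hostnames, allow-list and `/reset` path are assumptions for the example.

```python
"""Password-reset link generation: trusting the Host header vs. validating it."""
from urllib.parse import urlunsplit

# Canonical hostname from configuration, not from the request (hypothetical value).
CANONICAL_HOST = "app.example.com"
# Allow-list of hostnames the application really serves (hypothetical values).
ALLOWED_HOSTS = frozenset({"app.example.com", "www.example.com"})


def reset_link_vulnerable(headers: dict, token: str) -> str:
    """Builds the reset link from whatever Host the client sent.

    If the app (or a proxy in front of it) echoes a tampered Host or
    X-Forwarded-Host, the emailed link points at a foreign domain and the
    reset token is disclosed to that domain when the victim clicks it.
    """
    host = headers.get("X-Forwarded-Host") or headers.get("Host", CANONICAL_HOST)
    return urlunsplit(("https", host, "/reset", f"token={token}", ""))


def validate_host(headers: dict) -> str:
    """Return the request hostname only if allow-listed, else the canonical host.

    Strips the port and compares case-insensitively, so "App.Example.com:443"
    matches while "app.example.com.untrusted.net" does not.
    """
    raw = headers.get("Host", "").strip()
    if raw.startswith("[") and "]" in raw:          # IPv6 literal, e.g. [::1]:443
        hostname = raw[: raw.index("]") + 1]
    else:
        hostname = raw.split(":", 1)[0]
    hostname = hostname.lower()
    return hostname if hostname in ALLOWED_HOSTS else CANONICAL_HOST


def reset_link_safe(headers: dict, token: str) -> str:
    """Builds the reset link from a validated host; X-Forwarded-Host is ignored."""
    return urlunsplit(("https", validate_host(headers), "/reset", f"token={token}", ""))


if __name__ == "__main__":
    # Constructed request headers simulating a tampered Host header.
    tampered = {"Host": "untrusted.example.net", "X-Forwarded-Host": "untrusted.example.net"}
    print(reset_link_vulnerable(tampered, "abc123"))   # link leaves the application's domain
    print(reset_link_safe(tampered, "abc123"))         # link stays on app.example.com
```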