Description
The backend does not use the helmet middleware, leaving it vulnerable to common web attacks.
File: nsc-events-nestjs/src/main.ts
Missing Security Headers:
| Header |
Purpose |
| X-Content-Type-Options |
Prevents MIME-type sniffing |
| X-Frame-Options |
Prevents clickjacking |
| Strict-Transport-Security |
Enforces HTTPS |
| X-XSS-Protection |
XSS attack mitigation |
| Content-Security-Policy |
Prevents code injection |
Tasks
Tasks:
Visual Aids
No response
Description
The backend does not use the helmet middleware, leaving it vulnerable to common web attacks.
File: nsc-events-nestjs/src/main.ts
Missing Security Headers:
Tasks
Tasks:
npm install helmet, import helmet from 'helmet'; app.use(helmet());Visual Aids
No response