Re: [FAQ] ASF advisory regarding http headers verbosity contradicts with one from owasp.org

2021-09-21 Thread Piotr Sionkowski
Hi Guys,
First of all I would like to thank you for picking up the issue I brought.
I conducted a quick experiment and checked what apache.org headers look like and got:
$ curl -I apache.org | grep Server
Server: Apache
I also did a deeper dive and checked a bigger sample of n=86 webpa

Re: [FAQ] ASF advisory regarding http headers verbosity contradicts with one from owasp.org

2021-09-21 Thread Ruediger Pluem
On 9/21/21 2:40 PM, Piotr Sionkowski wrote:
> Hi Guys,
>
> First of all I would like to thank you for picking up the issue I brought.
>
> I conducted a quick experiment and checked how apache.org headers look like
> and got:
>
> $ curl -I apache.org | grep Server
> Se

Re: [FAQ] ASF advisory regarding http headers verbosity contradicts with one from owasp.org

2021-09-21 Thread Luis Gil de Bernabé
Hello,
This is like arguing whether Vim or Emacs should be used (jokes aside). I mean, some companies will accept that as a vulnerability and will make the effort to fix it and comply with security standards like OWASP, as you mention @Piotr. But not all time is as great as that. If you search on any bu