Security misconfiguration detected (server fingerprinting).

Rule ID: javascript_express_reduce_fingerprint
Languages: javascript
Source: reduce_fingerprint.yml

Description

It can help to provide an extra layer of security to reduce server fingerprinting. Though not a security issue itself, a method to improve the overall posture of a web server is to take measures to reduce the ability to fingerprint the software being used on the server. Server software can be fingerprinted by quirks in how they respond to specific requests.

By default, Express.js sends the X-Powered-By response header banner. This can be disabled using the app.disable() method:

  app.disable('x-powered-by')

Resources

Express Security Best Practices

Associated CWE

CWE-693: Protection Mechanism Failure

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=javascript_express_reduce_fingerprint

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=javascript_express_reduce_fingerprint

Ready to take the next step? Learn more about Bearer Cloud.