1
00:00:01,360 --> 00:00:04,510
Hello, everyone, and welcome to this video.

2
00:00:05,450 --> 00:00:12,930
So till now, we have been pretty much confident in identifying clickjacking based vulnerabilities.

3
00:00:13,490 --> 00:00:21,950
So now, you know, we have one more alternative to identify clickjacking based vulnerabilities quickly

4
00:00:21,950 --> 00:00:22,610
on the go.

5
00:00:23,300 --> 00:00:32,030
So here we have our target website, which is techcrunch.com, and we are going to see if this website

6
00:00:32,030 --> 00:00:33,600
is vulnerable to clickjacking.

7
00:00:34,010 --> 00:00:36,880
So simply first, I'm going to copy the URL.

8
00:00:37,220 --> 00:00:42,020
So we are going to test this later on to identify if it is vulnerable or not.

9
00:00:42,680 --> 00:00:52,430
So for this, you can log on to securityheaders.com, which basically kind of probes out all the

10
00:00:52,430 --> 00:00:59,070
security headers which have been associated with any particular website.

11
00:00:59,600 --> 00:01:06,350
So basically, as you can see, there is a big scan button over here where you need to enter the address

12
00:01:06,380 --> 00:01:07,910
of the target website.

13
00:01:08,150 --> 00:01:18,050
And it can therefore, once you do that, this website will basically scan all the target security headers

14
00:01:18,410 --> 00:01:25,640
onto the target website to identify if it fits in any of these columns.

15
00:01:25,640 --> 00:01:33,200
As you can see, it says Hall of Fame or Hall of Shame, in case it has all the required security headers.

16
00:01:33,500 --> 00:01:37,880
Then it is going to give a grade based on the headers present.

17
00:01:38,090 --> 00:01:44,150
And if it misses any of the headers, then it is going to put it into the column of Hall of Shame, which

18
00:01:44,150 --> 00:01:49,030
basically means the security is low and there are no headers present.

19
00:01:49,520 --> 00:01:51,590
So let's quickly see how we do it.

20
00:01:52,730 --> 00:01:58,200
So once you're onto this target website, kindly enter the target over here.

21
00:01:58,220 --> 00:02:02,350
So I'm going to enter the target over here and hit on scan.

22
00:02:02,960 --> 00:02:09,260
So as I said that we are going to see a grade based on the security headers.

23
00:02:09,530 --> 00:02:15,140
And we have seen that the grade that has been given is a grade of F.

24
00:02:15,620 --> 00:02:23,780
That basically means that the website techcrunch.com misses all the required and necessary security

25
00:02:23,780 --> 00:02:24,320
headers.

26
00:02:24,620 --> 00:02:32,840
Thus it lies into the column of Hall of Shame, which basically means there is a lack of security.

27
00:02:33,960 --> 00:02:39,930
And now, you know, we can observe the most important thing that we want to look on, which is the

28
00:02:39,930 --> 00:02:47,820
X-Frame-Options, and you can see the red cross over there, which confirms that this website will be

29
00:02:47,840 --> 00:02:53,580
vulnerable to clickjacking as there is no X-Frame-Options. Moving down,

30
00:02:53,790 --> 00:03:00,480
if you want to read about any of the security headers or what they actually mean, you can read it over

31
00:03:00,480 --> 00:03:08,200
here into the documentation part. There has been an excellent one-liner for each of the security

32
00:03:08,200 --> 00:03:10,770
headers, which you can read from here and understand.

33
00:03:11,100 --> 00:03:18,170
And also they have given the mitigations of what will happen if you implement these headers.

34
00:03:18,600 --> 00:03:25,290
So I hope you guys understood how you can utilize this website on the go to identify multiple websites

35
00:03:25,800 --> 00:03:33,420
in case they lack any of the security headers to give a grade which ranges from A to F.

36
00:03:33,640 --> 00:03:34,230
Thank you.