Security Header Injection Module (SHIM)

Project Description
SHIM is an HTTP module that protects against many vulnerabilities by injecting security-specific HTTP headers into ASP.NET web applications.

Overview
The security header injection module (SHIM) was inspired by the OWASP Secure Headers Project. The goal of this project is to let ASP.NET developers improve the security of their web applications by using security-specific HTTP headers supported by modern browsers. Once SHIM is installed and configured, the headers instruct the browser to provide an extra layer of protection against a number of web application vulnerabilities, including: cross-site scripting (XSS), insecure data caching, man-in-the-middle attacks, content-type sniffing, and clickjacking.

More details on the OWASP project can be found here: https://www.owasp.org/index.php/OWASP_Secure_Headers_Project

Supported Headers
SHIM currently supports the following HTTP headers:

Cache-Control
Expires
Pragma
Content-Security-Policy
Strict-Transport-Security
X-Content-Type-Options
X-Frame-Options
X-XSS-Protection
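
One way to confirm that a response carries the eight headers listed above with usable values. This is an added example, not SHIM's own code; the function names, the acceptance rules and the sample response are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def _expired(value):
    """Unparseable dates such as "0" or "-1" count as already expired."""
    try:
        when = parsedate_to_datetime(value.strip())
    except (TypeError, ValueError):
        return True
    when = when.replace(tzinfo=when.tzinfo or timezone.utc)
    return when <= datetime.now(timezone.utc)

def _hsts(value):
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    return bool(m) and int(m.group(1)) > 0

# header -> (issue named in the overview, acceptance rule; rules are assumed, not SHIM's)
CHECKS = {
    "cache-control": ("insecure data caching", lambda v: "no-store" in v.lower()),
    "expires": ("insecure data caching", _expired),
    "pragma": ("insecure data caching", lambda v: "no-cache" in v.lower()),
    "content-security-policy": ("cross-site scripting",
        lambda v: bool(re.search(r"\b(default|script)-src\b", v, re.I))),
    "strict-transport-security": ("man-in-the-middle attacks", _hsts),
    "x-content-type-options": ("content-type sniffing", lambda v: v.lower() == "nosniff"),
    "x-frame-options": ("clickjacking", lambda v: v.upper() in ("DENY", "SAMEORIGIN")),
    "x-xss-protection": ("cross-site scripting", lambda v: v.startswith("1")),
}

def audit(response_head):
    """Return {header: (status, issue)}; status is ok, weak or missing."""
    seen = {}
    for line in response_head.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            seen.setdefault(name.strip().lower(), []).append(value.strip())
    report = {}
    for header, (issue, accept) in CHECKS.items():
        values = seen.get(header, [])
        # Every copy must pass: a duplicated header can carry a weaker value.
        status = "missing" if not values else "ok" if all(map(accept, values)) else "weak"
        report[header] = (status, issue)
    return report

# Constructed sample response head, not captured from a real SHIM deployment.
SAMPLE = ("HTTP/1.1 200 OK\r\nCache-Control: no-store\r\nExpires: -1\r\n"
          "Pragma: no-cache\r\nStrict-Transport-Security: max-age=0\r\n"
          "X-Content-Type-Options: nosniff\r\nX-Frame-Options: ALLOWALL\r\n")
```

Calling audit(SAMPLE) reports the two headers absent from the sample as missing and the max-age=0 and ALLOWALL values as weak.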

Installation
Please see the documentation: https://shim.codeplex.com/documentation

To Contribute
Contact us at oss at cypressdefense.com

Last edited Sep 22, 2014 at 4:52 PM by curea, version 5