Sample Security Report

https://example-app.vercel.app

Risk Rating: HIGH
Risk Score: 28.0
Total Findings: 15
Attack Round: 1

Executive Summary

vibeAudit scanned the target application and identified 15 security issues with an overall risk rating of HIGH. The most serious finding is Missing Content-Security-Policy (CSP). 2 high-severity issues should be addressed urgently. Tech stack detected: Next.js.

Mode: Quick Scan (12 of 36 tests)

Sample Findings

Missing Content-Security-Policy (CSP) HIGH

Your website sends no Content-Security-Policy header, so the browser applies no script restrictions as a defense against cross-site scripting (XSS). Without a CSP header, if an attacker finds any way to inject code, their code runs with full access to every user's session and data.

Fix
// middleware.ts — add CSP header with nonce-based script allowlisting

Open Redirect on Auth Page (5 instances) HIGH

Auth endpoints accept external redirect URLs. Attackers can steal credentials by redirecting the post-login flow to their server.

Missing X-Frame-Options Header MEDIUM

Your page can be embedded in iframes, enabling clickjacking attacks.

Inline JavaScript Without CSP Protection MEDIUM

Page contains inline scripts with no CSP to distinguish legitimate code from injected code.

Technology Stack Disclosed LOW

Server headers reveal the framework in use, helping attackers target known vulnerabilities.

...and 10 more findings with fix code in the full report.

This is a quick scan (12 of 36 tests).

Deep Scan runs all 36 attack types including XSS, SQL injection, IDOR, and race conditions.