Man in a middle

HTTP vs HTTPS

Demo

strict-transport-security

Cookie

HttpOnly

demo

Secure

Path

Special headers

Profile of your app

CVE

Common Vulnerabilities and Exposures

filetype:config inurl:web.config inurl:ftp

Robots.txt

shodan

Don't help hackers