I am currently using an Apache server for a Wamp application for my project. While doing a security scan, the report came out with 2 errors:
What do I need to do to solve these? Thank you.
There is help here on how you can implement CSRF tokens: https://code-boxx.com/simple-csrf-token-php/
You can read more about what a CSRF token is and why it's useful here: https://portswigger.net/web-security/csrf/tokens
A CSRF token is a unique, secret, unpredictable value that is generated by the server-side application and transmitted to the client in such a way that it is included in a subsequent HTTP request made by the client. When the later request is made, the server-side application validates that the request includes the expected token and rejects the request if the token is missing or invalid.
CSRF tokens can prevent CSRF attacks by making it impossible for an attacker to construct a fully valid HTTP request suitable for feeding to a victim user. Since the attacker cannot determine or predict the value of a user's CSRF token, they cannot construct a request with all the parameters that are necessary for the application to honor the request.
And for removing X-Powered-By, you can set expose_php = off in your php.ini file.
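The token flow described in the answer above, as an added example that is not part of the original answer or the linked tutorial: a single PHP page that issues a per-session token in a hidden form field and rejects any POST whose token is missing or does not match. The helper names `csrf_token()` and `csrf_is_valid()` and the field name `csrf_token` are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

session_start();

// Hypothetical helper: create the token once per session from a CSPRNG,
// so it is unpredictable to anyone who cannot read the session.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hypothetical helper: constant-time comparison; a missing token,
// an array value, or an empty session token all fail validation.
function csrf_is_valid($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($submitted)
        && $expected !== ''
        && hash_equals($expected, $submitted);
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!csrf_is_valid($_POST['csrf_token'] ?? null)) {
        // Reject the request before any state change happens.
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // Token is valid: the state-changing action would run here.
    exit('Request accepted');
}
?>
<form method="post">
    <input type="hidden" name="csrf_token"
           value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
    <button type="submit">Submit</button>
</form>
```

Every state-changing form and handler in the application needs the same hidden field and the same check; a GET request should never change state.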