Hi
I’m a security engineer (junior), just getting started with Rapid7.
We are running the InsightVM security console in a locked-down environment.
We access it using a browser:
https://x.x.x.x:3780/login.jsp
The pen test guys came in and said “you don’t have HSTS turned on in the security console webserver, this is a security risk, please turn it on”.
I can’t figure out how to turn on HSTS. The documentation says that the security console is running an “embedded web server” - I’m familiar with Apache and nginx - but I can’t see any documentation about how to turn on HSTS on the security console embedded web server.
Was wondering how to turn it on.
Thanks
Patrick