OWASP - User contributions [en]

OWASP OVAL Content Project

2011-12-26T10:56:13Z

Gaurav Kumar:

OWASP OVAL Content Project

2011-12-26T10:46:02Z

Gaurav Kumar:

OWASP OVAL Content Project

2011-12-08T19:36:48Z

Gaurav Kumar:

==== Main ====

This project’s goal is to create standardized assesment documents (in OVAL XML format) for various application platforms such as .NET, Java, PHP etc. For example, there are several settings like Web.Config file which impacts security of ASP.NET web application. Likewise, PHP.INI has several security related settings. By creating OVAL definitions for these checks, it will enable any OVAL compatible tool (including the free OVAL Interpreter) to perform these checks.

 

----

 

PHP Related Security Definitions.

Below is a sample OVAL definition file which detects if Apache web server is running

----

<?xml version ="1.0" encoding="utf-8"?> <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris solaris-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd">

<generator>
<oval:product_name>OWASP OVAL Content Project</oval:product_name>
<oval:schema_version>5.10</oval:schema_version>
<oval:timestamp>2011-12-07T11:18:10.417-04:00</oval:timestamp>
</generator>
<definitions>
<definition id ="oval:org.owasp.oval:def:1" class ="compliance" version="1">
<metadata>
<title>Apache2 is running</title>
<description>Apache2 has been found to be running</description>
</metadata>
<criteria>
<criterion comment="test" test_ref="oval:org.owasp.oval:tst:1"/>
</criteria>
</definition>
</definitions>

<tests>
<process58_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.owasp.oval:tst:1" version="1" comment="Apache2 running" check_existence="at_least_one_exists" check="at least one">
<object object_ref="oval:org.owasp.oval:obj:1"/>
</process58_test>
</tests>

<objects>
<process58_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.owasp.oval:obj:1" version="1">
<command_line operation="pattern match">.*apache2 .*</command_line>
<pid datatype="int" operation="greater than">0</pid>
</process58_object>
</objects>

</oval_definitions>

 

----

 

 

==== PHP Security Settings ====

{| width="200" border="1" cellpadding="1" cellspacing="1"
|-
! scope="col" | No
! scope="col" | Setting
! scope="col" | Recommended Value
! scope="col" | Description
! scope="col" | OVAL Definition
|-
| 1
| register_globals
| Off
| http://www.php.net/manual/en/security.globals.php
| TBD
|-
| 2
| magic_quotes_gpc
| On
| http://us3.php.net/manual/en/security.magicquotes.whynot.php
| TBD
|-
| 3
| expose_php
| Off
| Reduce the amount of information available which includes the PHP version within the HTTP header (e.g., X-Powered-By: PHP/5.3.7).
| TBD
|}

 

 

 

==== Project About ====

{{:Projects/OWASP OVAL Content Project | Project About}}

 __NOTOC__ <headertabs />

[[Category:OWASP_Project|OVAL Content Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Download]] [[Category:OWASP_Alpha_Quality_Tool]]

OWASP OVAL Content Project

2011-12-08T19:35:07Z

Gaurav Kumar:

==== Main ====

This project’s goal is to create standardized assesment documents (in OVAL XML format) for various application platforms such as .NET, Java, PHP etc. For example, there are several settings like Web.Config file which impacts security of ASP.NET web application. Likewise, PHP.INI has several security related settings. By creating OVAL definitions for these checks, it will enable any OVAL compatible tool (including the free OVAL Interpreter) to perform these checks.

 

----

 

PHP Related Security Definitions.

Below is a sample OVAL definition file which detects if Apache web server is running

----

<?xml version ="1.0" encoding="utf-8"?> <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris solaris-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd">

<generator>
<oval:product_name>OWASP OVAL Content Project</oval:product_name>
<oval:schema_version>5.10</oval:schema_version>
<oval:timestamp>2011-12-07T11:18:10.417-04:00</oval:timestamp>
</generator>
<definitions>
<definition id ="oval:org.owasp.oval:def:1" class ="compliance" version="1">
<metadata>
<title>Apache2 is running</title>
<description>Apache2 has been found to be running</description>
</metadata>
<criteria>
<criterion comment="test" test_ref="oval:org.owasp.oval:tst:1"/>
</criteria>
</definition>
</definitions>

<tests>
<process58_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.owasp.oval:tst:1" version="1" comment="Apache2 running" check_existence="at_least_one_exists" check="at least one">
<object object_ref="oval:org.owasp.oval:obj:1"/>
</process58_test>
</tests>

<objects>
<process58_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.owasp.oval:obj:1" version="1">
<command_line operation="pattern match">.*apache2 .*</command_line>
<pid datatype="int" operation="greater than">0</pid>
</process58_object>
</objects>

</oval_definitions>

 

----

 

 

==== PHP Security Settings ====

{| width="200" border="1" cellpadding="1" cellspacing="1"
|-
! scope="col" | No
! scope="col" | Setting
! scope="col" | Recommended Value
! scope="col" | Description
! scope="col" | OVAL Definition
|-
| [[1]]
| register_globals
| Off
| http://www.php.net/manual/en/security.globals.php
| TBD
|-
| [[2]]
| magic_quotes_gpc
| On
| http://us3.php.net/manual/en/security.magicquotes.whynot.php
| TBD
|-
| [[3]]
| expose_php
| Off
| Reduce the amount of information available which includes the PHP version within the HTTP header (e.g., X-Powered-By: PHP/5.3.7).
| TBD
|}

 

 

 

==== Project About ====

{{:Projects/OWASP OVAL Content Project | Project About}}

 __NOTOC__ <headertabs />

[[Category:OWASP_Project|OVAL Content Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Download]] [[Category:OWASP_Alpha_Quality_Tool]]

OWASP OVAL Content Project

2011-12-08T19:27:35Z

Gaurav Kumar:

==== Main ====

This project’s goal is to create standardized assesment documents (in OVAL XML format) for various application platforms such as .NET, Java, PHP etc. For example, there are several settings like Web.Config file which impacts security of ASP.NET web application. Likewise, PHP.INI has several security related settings. By creating OVAL definitions for these checks, it will enable any OVAL compatible tool (including the free OVAL Interpreter) to perform these checks.

 

----

 

PHP Related Security Definitions.

Below is a sample OVAL definition file which detects if Apache web server is running

----

<?xml version ="1.0" encoding="utf-8"?> <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris solaris-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd">

<generator>
<oval:product_name>OWASP OVAL Content Project</oval:product_name>
<oval:schema_version>5.10</oval:schema_version>
<oval:timestamp>2011-12-07T11:18:10.417-04:00</oval:timestamp>
</generator>
<definitions>
<definition id ="oval:org.owasp.oval:def:1" class ="compliance" version="1">
<metadata>
<title>Apache2 is running</title>
<description>Apache2 has been found to be running</description>
</metadata>
<criteria>
<criterion comment="test" test_ref="oval:org.owasp.oval:tst:1"/>
</criteria>
</definition>
</definitions>

<tests>
<process58_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.owasp.oval:tst:1" version="1" comment="Apache2 running" check_existence="at_least_one_exists" check="at least one">
<object object_ref="oval:org.owasp.oval:obj:1"/>
</process58_test>
</tests>

<objects>
<process58_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.owasp.oval:obj:1" version="1">
<command_line operation="pattern match">.*apache2 .*</command_line>
<pid datatype="int" operation="greater than">0</pid>
</process58_object>
</objects>

</oval_definitions>

 

----

 

 

==== PHP Security Settings ====

{| width="200" border="1" cellpadding="1" cellspacing="1"
|-
! scope="col" | No
! scope="col" | Setting
! scope="col" | Recommended Value
! scope="col" | Description
! scope="col" | OVAL Definition
|-
| 1
| register_globals
| Off
| http://www.php.net/manual/en/security.globals.php
| TBD
|-
| 2
| magic_quotes_gpc
| On
| http://us3.php.net/manual/en/security.magicquotes.whynot.php
| TBD
|}

 

 

==== Project About ====

{{:Projects/OWASP OVAL Content Project | Project About}}

 __NOTOC__ <headertabs />

[[Category:OWASP_Project|OVAL Content Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Download]] [[Category:OWASP_Alpha_Quality_Tool]]

OWASP OVAL Content Project

2011-12-08T18:54:30Z

Gaurav Kumar:

==== Main ====

This project’s goal is to create standardized assesment documents (in OVAL XML format) for various application platforms such as .NET, Java, PHP etc. For example, there are several settings like Web.Config file which impacts security of ASP.NET web application. Likewise, PHP.INI has several security related settings. By creating OVAL definitions for these checks, it will enable any OVAL compatible tool (including the free OVAL Interpreter) to perform these checks.

 

----

 

PHP Related Security Definitions.

Below is a sample OVAL definition file which detects if Apache web server is running

----
<?xml version ="1.0" encoding="utf-8"?>
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris solaris-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd">

<generator>
<oval:product_name>OWASP OVAL Content Project</oval:product_name>
<oval:schema_version>5.10</oval:schema_version>
<oval:timestamp>2011-12-07T11:18:10.417-04:00</oval:timestamp>
</generator>
<definitions>
<definition id ="oval:org.owasp.oval:def:1" class ="compliance" version="1">
<metadata>
<title>Apache2 is running</title>
<description>Apache2 has been found to be running</description>
</metadata>
<criteria>
<criterion comment="test" test_ref="oval:org.owasp.oval:tst:1"/>
</criteria>
</definition>
</definitions>

<tests>
<process58_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.owasp.oval:tst:1" version="1" comment="Apache2 running" check_existence="at_least_one_exists" check="at least one">
<object object_ref="oval:org.owasp.oval:obj:1"/>
</process58_test>
</tests>

<objects>
<process58_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.owasp.oval:obj:1" version="1">
<command_line operation="pattern match">.*apache2 .*</command_line>
<pid datatype="int" operation="greater than">0</pid>
</process58_object>
</objects>
</oval_definitions>

----

 

 

 

==== PHP Security Settings ====

==== Project About ====

{{:Projects/OWASP OVAL Content Project | Project About}}

 __NOTOC__ <headertabs />

[[Category:OWASP_Project|OVAL Content Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Download]] [[Category:OWASP_Alpha_Quality_Tool]]

OWASP OVAL Content Project

2011-12-08T06:05:03Z

Gaurav Kumar:

==== Main ====

This project’s goal is to create standardized assesment documents (in OVAL XML format) for various application platforms such as .NET, Java, PHP etc. For example, there are several settings like Web.Config file which impacts security of ASP.NET web application. Likewise, PHP.INI has several security related settings. By creating OVAL definitions for these checks, it will enable any OVAL compatible tool (including the free OVAL Interpreter) to perform these checks.

 

----

 

PHP Related Security Definitions.

Below is a sample OVAL definition file which detects if Apache web server is running

----
<?xml version ="1.0" encoding="utf-8"?>
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris solaris-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd">

<generator>
<oval:product_name>OWASP OVAL Content Project</oval:product_name>
<oval:schema_version>5.10</oval:schema_version>
<oval:timestamp>2011-12-07T11:18:10.417-04:00</oval:timestamp>
</generator>
<definitions>
<definition id ="oval:org.owasp.oval:def:1" class ="compliance" version="1">
<metadata>
<title>Apache2 is running</title>
<description>Apache2 has been found to be running</description>
</metadata>
<criteria>
<criterion comment="test" test_ref="oval:org.owasp.oval:tst:1"/>
</criteria>
</definition>
</definitions>

<tests>
<process58_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.owasp.oval:tst:1" version="1" comment="Apache2 running" check_existence="at_least_one_exists" check="at least one">
<object object_ref="oval:org.owasp.oval:obj:1"/>
</process58_test>
</tests>

<objects>
<process58_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.owasp.oval:obj:1" version="1">
<command_line operation="pattern match">.*apache2 .*</command_line>
<pid datatype="int" operation="greater than">0</pid>
</process58_object>
</objects>
</oval_definitions>

----

 

 

 

==== Project About ====

{{:Projects/OWASP OVAL Content Project | Project About}}

 __NOTOC__ <headertabs />

[[Category:OWASP_Project|OVAL Content Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Download]] [[Category:OWASP_Alpha_Quality_Tool]]

OWASP OVAL Content Project

2011-10-04T00:00:39Z

Gaurav Kumar:

OWASP OVAL Content Project

2011-10-03T23:55:42Z

Gaurav Kumar:

OWASP OVAL Content Project

2011-08-20T17:23:05Z

Gaurav Kumar:

OWASP OVAL Content Project

2011-08-14T16:45:14Z

Gaurav Kumar:

==== Main ====

This proejct's goal is to create standardized assesment documents (in [http://oval.mitre.org OVAL XML format]) for various applicaiton platforms such as .NET, Java, PHP etc. For example, there are several settings like Web.Config file which impacts security of ASP.NET web application. Likewise, PHP.INI has several security related settings. By creating OVAL definitions for these checks, it will enable any OVAL compatible tool (inclduing the free [http://oval.mitre.org/language/interpreter.html OVAL Interpreter]) to peform these checks. 

==== Project About ====

{{:Projects/OWASP OVAL Content Project | Project About}}

 __NOTOC__ <headertabs />

[[Category:OWASP_Project|OVAL Content Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Download]] [[Category:OWASP_Alpha_Quality_Tool]]