Category:WASS Security Frame

Introduction Text

Add suggested approach of how to audit against/use the requirements

Requirements

Architecture

Deployment and Configuration

• Secure the system hosting the web application.
• Establish a secure communication channel.

Authentication

• Deploy mechanisms to enhance the security of authentication credentials used.
• Establish a new session identifier upon user authentication.

Authorization

• Ensure that authorization checks are enforced in the application.

Session and User Management

• Deploy mechanisms to securely perform tasks related to user management.
• Take measures to securely manage user identification.
• Take measures to securely manage cookies.

Auditing and Logging

Data Validation

• Validate user inputs.
• Validate outputs.

Injections

Privacy

• Do not transmit sensitive information in GET requests.
• Disable caching of sensitive pages.
• Do not store sensitive information in Hidden fields.

Cryptography

File system

Canonicalization and Unicode