This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:WASS Security Frame"
From OWASP
MikeAndrews (talk | contribs) |
(Reverting to last version not containing links to www.texttracbodom.com) |
||
| (5 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
| − | |||
== Introduction Text == | == Introduction Text == | ||
| − | Add | + | Add suggested approach of how to audit against/use the requirements |
== Requirements == | == Requirements == | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
=== Architecture === | === Architecture === | ||
| − | + | * | |
=== Deployment and Configuration === | === Deployment and Configuration === | ||
| Line 26: | Line 11: | ||
=== Authentication === | === Authentication === | ||
| − | *[[:Category:WASS | + | *[[:Category:WASS Credentials|Deploy mechanisms to enhance the security of authentication credentials used.]] |
| + | *[[:Category:WASS Authentication Identifer|Establish a new session identifier upon user authentication.]] | ||
=== Authorization === | === Authorization === | ||
*[[:Category:WASS Check Authorization|Ensure that authorization checks are enforced in the application.]] | *[[:Category:WASS Check Authorization|Ensure that authorization checks are enforced in the application.]] | ||
| − | === Session Management === | + | === Session and User Management === |
| − | + | *[[:Category:WASS User Managment|Deploy mechanisms to securely perform tasks related to user management.]] | |
| + | *[[:Category:WASS Session Managment|Take measures to securely manage user identification.]] | ||
| + | *[[:Category:WASS Cookie Managment|Take measures to securely manage cookies.]] | ||
=== Auditing and Logging === | === Auditing and Logging === | ||
| − | + | * | |
=== Data Validation === | === Data Validation === | ||
| − | + | *[[:Category:WASS Validate Inputs|Validate user inputs.]] | |
| + | *[[:Category:WASS Validate Outputs|Validate outputs.]] | ||
=== Injections === | === Injections === | ||
| − | + | * | |
=== Privacy === | === Privacy === | ||
| − | + | *[[:Category:WASS Sensitive Get Requests|Do not transmit sensitive information in GET requests.]] | |
| + | *[[:Category:WASS Page Caching|Disable caching of sensitive pages.]] | ||
| + | *[[:Category:WASS Hidden Fields|Do not store sensitive information in Hidden fields.]] | ||
=== Cryptography === | === Cryptography === | ||
| − | + | * | |
=== File system === | === File system === | ||
| − | + | * | |
=== Canonicalization and Unicode === | === Canonicalization and Unicode === | ||
| − | + | * | |
| − | |||
| − | |||
| − | * | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
Latest revision as of 18:29, 27 May 2009
Introduction Text
Add suggested approach of how to audit against/use the requirements
Requirements
Architecture
Deployment and Configuration
Authentication
- Deploy mechanisms to enhance the security of authentication credentials used.
- Establish a new session identifier upon user authentication.
Authorization
Session and User Management
- Deploy mechanisms to securely perform tasks related to user management.
- Take measures to securely manage user identification.
- Take measures to securely manage cookies.
Auditing and Logging
Data Validation
Injections
Privacy
- Do not transmit sensitive information in GET requests.
- Disable caching of sensitive pages.
- Do not store sensitive information in Hidden fields.
Cryptography
File system
Canonicalization and Unicode
This category currently contains no pages or media.
