Category:WASS Security Frame
From OWASP
Revision as of 04:03, 19 May 2006 by MikeAndrews (talk | contribs)
Introduction text
Add a suggested approach for how to audit against, or use, the requirements.
Requirements
Architecture
Deployment and Configuration
Authentication
Authorization
Session Management
Auditing and Logging
Data Validation
Injections
Privacy
Cryptography
File system
Canonicalization and Unicode
- Requirement_1: Establish a secure communication channel.
- Requirement_2: Secure the system hosting the web application.
- Requirement_3: Deploy mechanisms to enhance the security of authentication credentials used.
- Requirement_4: Ensure that authorization checks are enforced in the application.
- Requirement_5: Deploy mechanisms to securely perform tasks related to user management.
- Requirement_6: Take measures to securely manage user identification.
- Requirement_7: Validate user inputs.
- Requirement_8: Validate outputs.
- Requirement_9: Do not transmit sensitive information in GET requests.
- Requirement_10: Disable caching of sensitive pages.
- Requirement_11: Take measures to securely manage cookies.
- Requirement_12: Do not store sensitive information in hidden fields.
- Requirement_13: Establish a new session identifier upon user authentication.
This category currently contains no pages or media.