Category:WASS Security Frame

From OWASP

Contents 1 Introduction Text 2 Requirements 2.1 Architecture 2.2 Deployment and Configuration 2.3 Authentication 2.4 Authorization 2.5 Session and User Management 2.6 Auditing and Logging 2.7 Data Validation 2.8 Injections 2.9 Privacy 2.10 Cryptography 2.11 File system 2.12 Canonicalization and Unicode

Introduction Text

Add suggested approach of how to audit against/use the requirements

Requirements

Architecture

Deployment and Configuration

• Secure the system hosting the web application.
• Establish a secure communication channel.

Authentication

• Deploy mechanisms to enhance the security of authentication credentials used.
• Establish a new session identifier upon user authentication.

Authorization

• Ensure that authorization checks are enforced in the application.

Session and User Management

• Deploy mechanisms to securely perform tasks related to user management.
• Take measures to securely manage user identification.
• Take measures to securely manage cookies.

Auditing and Logging

Data Validation

• Validate user inputs.
• Validate outputs.

Injections

Privacy

• Do not transmit sensitive information in GET requests.
• Disable caching of sensitive pages.
• Do not store sensitive information in Hidden fields.

Cryptography

File system

Canonicalization and Unicode

This category currently contains no articles or media.