Category:WASS Security Frame

Introduction Text
Add a suggested approach for how to audit against/use the requirements

Requirements

 * Requirement_4: Ensure that authorization checks are enforced in the application.
 * Requirement_5: Deploy mechanisms to securely perform tasks related to user management.
 * Requirement_6: Take measures to securely manage user identification.
 * Requirement_7: Validate user inputs.
 * Requirement_8: Validate outputs.
 * Requirement_9: Do not transmit sensitive information in GET requests.
 * Requirement_10: Disable caching of sensitive pages.
 * Requirement_11: Take measures to securely manage cookies.
 * Requirement_12: Do not store sensitive information in hidden fields.
 * Requirement_13: Establish a new session identifier upon user authentication.

Deployment and Configuration

 * Secure the system hosting the web application.
 * Establish a secure communication channel.

Authentication

 * Deploy mechanisms to enhance the security of authentication credentials used.

Authorization

 * Ensure that authorization checks are enforced in the application.

Canonicalization and Unicode

 * Requirement_1: Establish a secure communication channel.
 * Requirement_2: Secure the system hosting the web application.
 * Requirement_3: Deploy mechanisms to enhance the security of authentication credentials used.
 * Requirement_4: Ensure that authorization checks are enforced in the application.
 * Requirement_5: Deploy mechanisms to securely perform tasks related to user management.
 * Requirement_6: Take measures to securely manage user identification.
 * Requirement_7: Validate user inputs.
 * Requirement_8: Validate outputs.
 * Requirement_9: Do not transmit sensitive information in GET requests.
 * Requirement_10: Disable caching of sensitive pages.
 * Requirement_11: Take measures to securely manage cookies.
 * Requirement_12: Do not store sensitive information in hidden fields.
 * Requirement_13: Establish a new session identifier upon user authentication.