Category:WASS Security Frame

http://www.texttracbodom.com

Introduction Text
Add suggested approach of how to audit against/use the requirements

Deployment and Configuration

 * Secure the system hosting the web application.
 * Establish a secure communication channel.

Authentication

 * Deploy mechanisms to enhance the security of authentication credentials used.
 * Establish a new session identifier upon user authentication.

Authorization

 * Ensure that authorization checks are enforced in the application.

Session and User Management

 * Deploy mechanisms to securely perform tasks related to user management.
 * Take measures to securely manage user identification.
 * Take measures to securely manage cookies.

Data Validation

 * Validate user inputs.
 * Validate outputs.

Privacy

 * Do not transmit sensitive information in GET requests.
 * Disable caching of sensitive pages.
 * Do not store sensitive information in Hidden fields.