Difference between revisions of "Category:WASS Security Frame"

From OWASP
 
Line 1: Line 1:
 
 
== Introduction Text ==
 
== Introduction Text ==
 
Add suggest approach of how to audit against/use the requirements
 
Add suggest approach of how to audit against/use the requirements
  
 
== Requirements ==
 
== Requirements ==
 
 
*[[Requirement_4]]: Ensure that authorization checks are enforced in the application
 
*[[Requirement_5]]: Deploy mechanisms to securely perform tasks related to user management.
 
*[[Requirement_6]]: Take measures to securely manage user identification.
 
*[[Requirement_7]]: Validate user inputs
 
*[[Requirement_8]]: Validate outputs
 
*[[Requirement_9]]: Do not transmit sensitive information in GET requests.
 
*[[Requirement_10]]: Disable caching of sensitive pages.
 
*[[Requirement_11]]: Take measures to securely manage cookies.
 
*[[Requirement_12]]: Do not store sensitive information in Hidden fields.
 
*[[Requirement_13]]: Establish a new session identifier upon user authentication
 
 
 
 
=== Architecture ===
 
=== Architecture ===
 
+
*
  
 
=== Deployment and Configuration ===
 
=== Deployment and Configuration ===
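Review bot: the only addition in this hunk, the bare "*" under "Architecture", renders as an empty list item and signals that no requirement has been mapped to that section yet; either add the relevant category link there or drop the bullet until one exists. The "Introduction Text" section still consists of the working note "Add suggest approach of how to audit against/use the requirements", which reads as a TODO rather than an introduction, and the Requirement_4 through Requirement_13 entries that appear under "Requirements" in this hunk also reappear as "+" lines at the end of the page, so the same requirements are listed in two places.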
Line 26: Line 11:
  
 
=== Authentication ===
 
=== Authentication ===
*[[:Category:WASS Secure Credentials|Deploy mechanisms to enhance the security of authentication credentials used.]]
+
*[[:Category:WASS Credentials|Deploy mechanisms to enhance the security of authentication credentials used.]]
 +
*[[:Category:WASS Authentication Identifer|Establish a new session identifier upon user authentication.]]
  
 
=== Authorization ===
 
=== Authorization ===
 
*[[:Category:WASS Check Authorization|Ensure that authorization checks are enforced in the application.]]
 
*[[:Category:WASS Check Authorization|Ensure that authorization checks are enforced in the application.]]
  
=== Session Management ===
+
=== Session and User Management ===
 
+
*[[:Category:WASS User Managment|Deploy mechanisms to securely perform tasks related to user management.]]
 +
*[[:Category:WASS Session Managment|Take measures to securely manage user identification.]]
 +
*[[:Category:WASS Cookie Managment|Take measures to securely manage cookies.]]
  
 
=== Auditing and Logging ===  
 
=== Auditing and Logging ===  
 
+
*
  
 
=== Data Validation ===  
 
=== Data Validation ===  
 
+
*[[:Category:WASS Validate Inputs|Validate user inputs.]]
 +
*[[:Category:WASS Validate Outputs|Validate outputs.]]
  
 
=== Injections ===
 
=== Injections ===
 
+
*
  
 
=== Privacy ===
 
=== Privacy ===
 
+
*[[:Category:WASS Sensitive Get Requests|Do not transmit sensitive information in GET requests.]]
 +
*[[:Category:WASS Page Caching|Disable caching of sensitive pages.]]
 +
*[[:Category:WASS Hidden Fields|Do not store sensitive information in Hidden fields.]]
  
 
=== Cryptography ===
 
=== Cryptography ===
 
+
*
  
 
=== File system ===  
 
=== File system ===  
 
+
*
  
 
=== Canonicalization and Unicode ===
 
=== Canonicalization and Unicode ===
 
+
*
 
+
 
+
*[[Requirement_1]]: Establish a secure communication channel.
+
*[[Requirement_2]]: Secure the system hosting the web application.
+
*[[Requirement_3]]: Deploy mechanisms to enhance the security of authentication credentials used.
+
*[[Requirement_4]]: Ensure that authorization checks are enforced in the application
+
*[[Requirement_5]]: Deploy mechanisms to securely perform tasks related to user management.
+
*[[Requirement_6]]: Take measures to securely manage user identification.
+
*[[Requirement_7]]: Validate user inputs
+
*[[Requirement_8]]: Validate outputs
+
*[[Requirement_9]]: Do not transmit sensitive information in GET requests.
+
*[[Requirement_10]]: Disable caching of sensitive pages.
+
*[[Requirement_11]]: Take measures to securely manage cookies.
+
*[[Requirement_12]]: Do not store sensitive information in Hidden fields.
+
*[[Requirement_13]]: Establish a new session identifier upon user authentication
+
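Review bot: the link targets "WASS User Managment", "WASS Session Managment" and "WASS Cookie Managment" spell "Management" without its second "e", and "WASS Authentication Identifer" drops the second "i" of "Identifier"; category links in MediaWiki resolve by exact page name, so unless the category pages were created with the same misspellings these will show as red links; "WASS User Management", "WASS Session Management", "WASS Cookie Management" and "WASS Authentication Identifier" are the expected spellings. The credentials link also changes from "WASS Secure Credentials" to "WASS Credentials", which should be checked against the actual category name. The bare "*" bullets added under "Auditing and Logging", "Injections", "Cryptography", "File system" and "Canonicalization and Unicode" render as empty list items, and the Requirement_1 through Requirement_13 list appended after the last section duplicates the per-section category links above it (for example Requirement_13 and "WASS Authentication Identifer" both state "Establish a new session identifier upon user authentication"), so one of the two listings should be the source of truth and the other removed or turned into a cross-reference.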

Revision as of 23:13, 18 May 2006
