\subsection{Authentication}
\subsection{Session Management}
+\input{v3_session.tex}
\subsection{Access Control}
\input{v4_access.tex}
\subsection{Input Validation \& Output Encoding/Escaping}
\input{v5_input.tex}
+\addtocounter{subsection}{1}
+
\subsection{Cryptography at rest}
+\input{v7_cryptography.tex}
\subsection{Error Handling \& logging}
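Review bot: the `+\addtocounter{subsection}{1}` after `\input{v5_input.tex}` silently bumps the next heading to subsection 7 with nothing saying why; add a `%` comment on that line stating which number is being skipped and that the slot is covered by the combined "Input Validation \& Output Encoding/Escaping" subsection above, otherwise the next editor will read it as a mistake and delete it. Two of the headings are also left without a body: `\subsection{Authentication}` and `\subsection{Error Handling \& logging}` have no `\input{...}` line, while every other subsection in this hunk gets one (`v3_session.tex`, `v4_access.tex`, `v5_input.tex`, `v7_cryptography.tex`); if those files are still to come, a `\TODO{}` under each heading would make the gap explicit. Minor: "logging" is lowercase where the other headings use Title Case.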
--- /dev/null
+\begin{enumerate}[label={3.\arabic*}]
+
+ \item
+ \TODO{}
+ Verify that there is no custom session manager, or that the custom session
+ manager is resistant against all common session management attacks.
+
+ \item
+ \TODO{}
+ Verify that sessions are invalidated when the user logs out.
+
+ \item
+ \TODO{}
+ Verify that sessions timeout after a specified period of inactivity.
+
+ \notapplicable{
+ \item
+ Verify that sessions timeout after an administratively-configurable
+ maximum time period regardless of activity (an absolute timeout).
+ }
+
+ \item
+ \TODO{}
+ Verify that all pages that require authentication have easy and visible
+ access to logout functionality.
+
+ \item
+ \TODO{}
+ Verify that the session id is never disclosed in URLs, error messages, or
+ logs. This includes verifying that the application does not support URL
+ rewriting of session cookies.
+
+ \item
+ \TODO{}
+ Verify that all successful authentication and re-authentication generates
+ a new session and session id.
+
+ \notapplicable{
+ \item
+ Verify that only session ids generated by the application framework are
+ recognized as active by the application.
+ }
+
+ \item
+ \TODO{}
+ Verify that session ids are sufficiently long, random and unique across the
+ correct active session base.
+
+ \item
+ \TODO{}
+ Verify that session ids stored in cookies have their path set to an
+ appropriately restrictive value for the application, and authentication
+ session tokens additionally set the “HttpOnly” and “secure” attributes.
+
+ \item
+ \TODO{}
+ Verify that the application limits the number of active concurrent sessions.
+
+ \item
+ \TODO{}
+ Verify that an active session list is displayed in the account profile or
+ similar of each user. The user should be able to terminate any active
+ session.
+
+ \item
+ \TODO{}
+ Verify the user is prompted with the option to terminate all other active
+ sessions after a successful change password process.
+
+\end{enumerate}
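Review bot: this list has no `\addtocounter{enumi}{...}` skips, so the thirteen items render consecutively as 3.1 through 3.13, whereas `v7_cryptography.tex` in the same change deliberately advances `enumi` (by 1 and by 3) to keep the source standard's identifiers; if the session requirements are meant to keep the standard's numbering as well, the same skips are needed here, and a `%` comment naming the omitted ids in both files would make the intent reviewable. Related check: several `\item` lines are wrapped as `\notapplicable{ \item ... }`; confirm that macro still steps the enumerate counter (i.e. does not typeset nothing), or every item after the first `\notapplicable` block will be numbered one lower than intended. Wording in the 3.11 item: the cookie attributes are conventionally written `Secure` and `HttpOnly`; the curly quotes around them (“HttpOnly”) will also render differently from the straight quotes used elsewhere in the LaTeX source, so prefer `\texttt{Secure}` / `\texttt{HttpOnly}` or consistent `` `` ''`` quoting.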
--- /dev/null
+\begin{enumerate}[label={7.\arabic*}]
+
+ \addtocounter{enumi}{1}
+ \item
+ \TODO{}
+ Verify that all cryptographic modules fail securely, and errors are handled
+ in a way that does not enable oracle padding.
+
+ \addtocounter{enumi}{3}
+ \notapplicable{
+ \item
+ Verify that all random numbers, random file names, random GUIDs, and random
+ strings are generated using the cryptographic module’s approved random
+ number generator when these random values are intended to be not guessable
+ by an attacker.
+ }
+
+ \item
+ \TODO{}
+ Verify that cryptographic algorithms used by the application have been
+ validated against FIPS 140-2 or an equivalent standard.
+
+ \notapplicable{
+ \item
+ Verify that cryptographic modules operate in their approved mode according
+ to their published security policies.
+ }
+
+ \notapplicable{
+ \item
+ Verify that there is an explicit policy for how cryptographic keys are
+ managed (e.g., generated, distributed, revoked, and expired). Verify that
+ this key lifecycle is properly enforced.
+ }
+
+ \addtocounter{enumi}{1}
+ \notapplicable{
+ \item
+ Verify that all consumers of cryptographic services do not have direct
+ access to key material. Isolate cryptographic processes, including master
+ secrets and consider the use of a virtualized or physical hardware key vault
+ (HSM).
+ }
+
+ \notapplicable{
+ \item
+ \textit{Personally Identifiable Information} should be stored encrypted at
+ rest and ensure that communication goes via protected channels.
+ }
+
+ \notapplicable{
+ \item
+ Verify that sensitive passwords or key material maintained in memory is
+ overwritten with zeros as soon as it no longer required, to mitigate memory
+ dumping attacks.
+ }
+
+ \notapplicable{
+ \item
+ Verify that all keys and passwords are replaceable, and are generated or
+ replaced at installation time.
+ }
+
+ \notapplicable{
+ \item
+ Verify that random numbers are created with proper entropy even when the
+ application is under heavy load, or that the application degrades gracefully
+ in such circumstance.
+ }
+
+\end{enumerate}
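Review bot: the 7.2 item says "errors are handled in a way that does not enable oracle padding"; the attack is a padding oracle, so this should read "does not enable a padding oracle" (the current phrasing reverses the term and will confuse anyone checking the requirement). Same hunk, 7.13: "as soon as it no longer required" is missing "is" ("as soon as it is no longer required"), and 7.12 mixes an assertion with an instruction ("should be stored encrypted at rest and ensure that communication goes via protected channels"); rewording it to "Verify that Personally Identifiable Information is stored encrypted at rest and is only transmitted over protected channels" matches the "Verify that ..." form of every other item. The three bare `\addtocounter{enumi}{1}` / `{3}` / `{1}` lines produce the sequence 7.2, 7.6–7.9, 7.11–7.15, i.e. they skip 7.1, 7.3–7.5 and 7.10; put that in a `%` comment next to each counter bump so the reader can see the skips are intentional rather than an off-by-one, and consider whether 7.1 and 7.3–7.5 should appear as `\notapplicable{...}` entries like the others rather than being dropped outright.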