Testing Guide
The User-Agent directive refers to the specific web spider/robot/ crawler. subset of the Adobe's crossdomain.xml and additionally created.
Meera Sridhar
Adobe Flash applets (Shockwave Flash programs) provide web developers a combined with an insecure same-domain or cross-domain policy (see §5.1) ...
OWASP Cheat Sheets
27 sept 2009 Defending with Content Security Policy frame-ancestors directive . ... An example of lack of acceptance testing is Adobe's inclusion of a ...
[WEB APPLICATION PENETRATION TESTING] March 1 2018
1 mar 2018 web site in the likely event that the robot/spider/crawler start point does ... Adobe's crossdomain.xml and additionally created it's own ...
Testing Guide.docx
1 dic 2001 Agent: Googlebot refers to the spider from Google while ... Adobe: "Cross-domain policy file usage recommendations for Flash Player" -.
Testing Guide
</cross-domain-policy>. Web Application Penetration Testing service consumption using technologies such as Oracle Java Silver- light
ForceHTTPS: Protecting High-Security Web Sites from Network Attacks
with these sites and will lose users to a more permissive browser. Adobe's crossdomain.xml policy file could be ... attacks using the Flash plug-in.
ForceHTTPS: Protecting High-Security Web Sites from Network Attacks
with these sites and will lose users to a more permissive browser. Adobe's crossdomain.xml policy file could be ... attacks using the Flash plug-in.
ESCUELA POLITÉCNICA NACIONAL
Figura 3.21 Contenido del archivo crossdomain.xml . 49 Lenguaje de programación de la plataforma Adobe Flash. sirve para construir ... Spiders Robots o.
ForceHTTPS: Protecting High-Security Web Sites from Network Attacks
with these sites and will lose users to a more permissive browser. Adobe's crossdomain.xml policy file could be ... attacks using the Flash plug-in.
Adobe Flash permissive crossdomainxml policy - Rapid7
Permissive crossdomain xml policy files allow external Adobe Flash (SWF) scripts to interact with your website Depending on how authorization is restricted
Cross Domain Configuration — Acrobat Desktop - Adobe
12 oct 2022 · A cross-domain policy file is an XML document that grants a web client such as Adobe Flash Player or Adobe Acrobat permission to handle
How to change the Flash Media Server default crossdomainxml
16 mai 2021 · Adobe Flash Media Server (FMS) returns the following by default for crossdomain xml requests:
[PDF] Analyzing the Crossdomain Policies of Flash Applications
Adobe Flash is a rich Internet application platform Flash applications are often deployed to configured overly permissive crossdomain policy can ex-
Potential Vulnerability: Permissive crossdomainxml ⡮ - GitHub
30 oct 2018 · Makes it sound as though there's no reason that a Flash client would need to load data from Sentry When an attempt is made to load content into
Adobe-crossdomain adobe cross-domain policy - jonprevattcom
Azure API Management policy reference - cross-domain Web16 de fev de 2023 www rapid7 com/db/vulnerabilities/spider-adobe-flash-permissive-crossdomain-xml/
http-cross-domain-policy NSE Script - Vulners
Checks the cross-domain policy file (/crossdomain xml) and the file specifies the permissions that a web client such as Java Adobe Flash Adobe Reader
Flash Cross-Domain Policy File Vulnerability Fix - Beyond Security
This is a simple XML file used by Adobe's Flash Player to allow access to data that resides outside the exact web domain from which a Flash movie file
[PDF] The State of the Cross-domain Nation
1) Adobe Flash: In order to allow cross-domain request of remote flash applets a server has to cause c net has an overly permissive crossdomain xml
Azure API Management policy reference - cross-domain
16 fév 2023 · Use the cross-domain policy to make the API accessible from Adobe Flash and Microsoft Silverlight browser-based clients
What is Crossdomain xml and why do I need it?
A cross-domain policy is simply a user-defined set of permitted data access rules encapsulated in a crossdomain. xml file. It is only viable on servers that communicate via HTTP, HTTPS, or FTP. A cross-domain policy file is an XML document that grants a web client permission to handle data across one or more domains.12 oct. 2022What is a crossdomain xml file?
The crossdomain. xml file is a cross-domain policy file. It grants the Flash Player permission to talk to servers other than the one it is hosted on and is required for Flash to use Speedtest servers. Note there are two sources of crossdomain information for a Speedtest Server.Where is Crossdomain xml located?
The file crossdomain. xml, located at the root of the server containing the data, determines which domains can access the data without prompting the user to grant access in a security dialog.- The program defines an overly permissive cross-domain policy. By default, Flash applications are subject to the Same Origin Policy which ensures that two SWF applications can access each other's data only if they come from the same domain.
OWASP Cheat Sheets
Martin Woschek, owasp@jesterweb.de
April 9, 2015
Contents
I Developer Cheat Sheets (Builder) 11
1 Authentication Cheat Sheet12
1.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
1.2 Authentication General Guidelines . . . . . . . . . . . . . . . . . . . . . . . 12
1.3 Use of authentication protocols that require no password . . . . . . . . . . 17
1.4 Session Management General Guidelines . . . . . . . . . . . . . . . . . . . 19
1.5 Password Managers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
1.6 Authors and Primary Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
1.7 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
2 Choosing and Using Security Questions Cheat Sheet20
2.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
2.2 The Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
2.3 Choosing Security Questions and/or Identity Data . . . . . . . . . . . . . . 20
2.4 Using Security Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
2.5 Related Articles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
2.6 Authors and Primary Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
2.7 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
3 Clickjacking Defense Cheat Sheet26
3.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
3.2 Defending with Content Security Policy frame-ancestors directive . . . . . 26
3.3 Defending with X-Frame-Options Response Headers . . . . . . . . . . . . . 26
3.4 Best-for-now Legacy Browser Frame Breaking Script . . . . . . . . . . . . . 28
3.5 window.confirm() Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
3.6 Non-Working Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
3.7 Authors and Primary Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
3.8 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
4 C-Based Toolchain Hardening Cheat Sheet34
4.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
4.2 Actionable Items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
4.3 Build Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
4.4 Library Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
4.5 Static Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
4.6 Platform Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
4.7 Authors and Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
4.8 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
5 Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet40
5.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
5.2 Prevention Measures That Do NOT Work . . . . . . . . . . . . . . . . . . . . 40
5.3 General Recommendation: Synchronizer Token Pattern . . . . . . . . . . . 41
5.4 CSRF Prevention without a Synchronizer Token . . . . . . . . . . . . . . . 44
5.5 Client/User Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
2Contents
5.6 No Cross-Site Scripting (XSS) Vulnerabilities . . . . . . . . . . . . . . . . . 45
5.7 Authors and Primary Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
5.8 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
6 Cryptographic Storage Cheat Sheet47
6.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
6.2 Providing Cryptographic Functionality . . . . . . . . . . . . . . . . . . . . . 47
6.3 Related Articles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
6.4 Authors and Primary Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
6.5 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
7 DOM based XSS Prevention Cheat Sheet54
7.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
7.2 Guidelines for Developing Secure Applications Utilizing JavaScript . . . . 59
7.3 Common Problems Associated with Mitigating DOM Based XSS . . . . . . 62
7.4 Authors and Contributing Editors . . . . . . . . . . . . . . . . . . . . . . . . 63
7.5 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
8 Forgot Password Cheat Sheet65
8.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
8.2 The Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
8.3 Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
8.4 Authors and Primary Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
8.5 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
9 HTML5 Security Cheat Sheet67
9.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
9.2 Communication APIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
9.3 Storage APIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
9.4 Geolocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
9.5 Web Workers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
9.6 Sandboxed frames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
9.7 Offline Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
9.8 Progressive Enhancements and Graceful Degradation Risks . . . . . . . . 71
9.9 HTTP Headers to enhance security . . . . . . . . . . . . . . . . . . . . . . . 71
9.10 Authors and Primary Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
9.11 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
10 Input Validation Cheat Sheet73
10.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
10.2 Authors and Primary Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
10.3 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
11 JAAS Cheat Sheet75
11.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
11.2 Related Articles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
11.3 Disclosure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
11.4 Authors and Primary Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
11.5 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
12 Logging Cheat Sheet80
12.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
12.2 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
12.3 Design, implementation and testing . . . . . . . . . . . . . . . . . . . . . . . 81
12.4 Deployment and operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
3Contents
12.5 Related articles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
12.6 Authors and Primary Contributors . . . . . . . . . . . . . . . . . . . . . . . 89
12.7 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
13 .NET Security Cheat Sheet91
13.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
13.2 .NET Framework Guidance . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
13.3 ASP.NET Web Forms Guidance . . . . . . . . . . . . . . . . . . . . . . . . . 92
13.4 ASP.NET MVC Guidance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
13.5 XAML Guidance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
13.6 Windows Forms Guidance . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
13.7 WCF Guidance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
13.8 Authors and Primary Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
13.9 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
14 Password Storage Cheat Sheet98
14.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
14.2 Guidance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
14.3 Related Articles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
14.4 Authors and Primary Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
14.5 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
15 Pinning Cheat Sheet102
15.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
15.2 What"s the problem? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
15.3 What Is Pinning? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
15.4 What Should Be Pinned? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
15.5 Examples of Pinning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
15.6 Related Articles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
15.7 Authors and Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
15.8 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
16 Query Parameterization Cheat Sheet107
16.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
16.2 Parameterized Query Examples . . . . . . . . . . . . . . . . . . . . . . . . . 107
16.3 Related Articles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
16.4 Authors and Primary Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
16.5 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
17 Ruby on Rails Cheatsheet111
17.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
17.2 Items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
17.3 Updating Rails and Having a Process for Updating Dependencies . . . . . 117
17.4 Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
17.5 Further Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
17.6 Authors and Primary Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
17.7 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
18 REST Security Cheat Sheet120
18.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
18.2 Authentication and session management . . . . . . . . . . . . . . . . . . . 120
18.3 Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
18.4 Input validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
18.5 Output encoding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
18.6 Cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
4Contents
18.7 Authors and primary editors . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
18.8 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
19 Session Management Cheat Sheet126
19.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
19.2 Session ID Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
19.3 Session Management Implementation . . . . . . . . . . . . . . . . . . . . . 128
19.4 Cookies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
19.5 Session ID Life Cycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
19.6 Session Expiration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
19.7 Additional Client-Side Defenses for Session Management . . . . . . . . . . 134
19.8 Session Attacks Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
19.9 Related Articles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
19.10Authors and Primary Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
19.11References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
20 SQL Injection Prevention Cheat Sheet139
20.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
20.2 Primary Defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
20.3 Additional Defenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
20.4 Related Articles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
20.5 Authors and Primary Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
20.6 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
21 Transport Layer Protection Cheat Sheet149
21.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
21.2 Providing Transport Layer Protection with SSL/TLS . . . . . . . . . . . . . 149
21.3 Providing Transport Layer Protection for Back End and Other Connections161
21.4 Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
21.5 Related Articles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
21.6 Authors and Primary Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
21.7 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
22 Unvalidated Redirects and Forwards Cheat Sheet166
22.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
22.2 Safe URL Redirects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
22.3 Dangerous URL Redirects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
22.4 Preventing Unvalidated Redirects and Forwards . . . . . . . . . . . . . . . 168
22.5 Related Articles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
22.6 Authors and Primary Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
22.7 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
23 User Privacy Protection Cheat Sheet170
23.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
23.2 Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
23.3 Authors and Primary Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
23.4 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
24 Web Service Security Cheat Sheet175
24.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
24.2 Transport Confidentiality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
24.3 Server Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
24.4 User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
24.5 Transport Encoding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
24.6 Message Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
5Contents
24.7 Message Confidentiality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
24.8 Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
24.9 Schema Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
24.10Content Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
24.11Output Encoding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
24.12Virus Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
quotesdbs_dbs17.pdfusesText_23[PDF] spirit airlines baggage
[PDF] spirit airlines emotional support animal
[PDF] spiritual meaning 1111 angel number
[PDF] spiritual meaning 444 angel number
[PDF] spiritual views
[PDF] spitzenkandidat english
[PDF] spitzenkandidat wiki
[PDF] spitzenkandidat wikipedia
[PDF] spitzenkandidaten europawahl 2019 afd
[PDF] spitzenkandidaten europawahl 2019 cdu
[PDF] spitzenkandidaten europawahl 2019 deutschland
[PDF] spitzenkandidaten europawahl 2019 die linke
[PDF] spitzenkandidaten europawahl 2019 fdp
[PDF] spitzenkandidaten europawahl 2019 grüne