Application Security Verification Standard 4.0
Final
March 2019

OWASP Application Security Verification Standard 4.0

Table of Contents

Frontispiece (p. 7)
  About the Standard (p. 7)
  Copyright and License (p. 7)
  Project Leads (p. 7)
  Contributors and Reviewers (p. 7)
Preface (p. 8)
  What's new in 4.0 (p. 8)
Using the ASVS (p. 9)
  Application Security Verification Levels (p. 9)
  How to use this standard (p. 10)
    Level 1 - First steps, automated, or whole of portfolio view (p. 10)
    Level 2 - Most applications (p. 10)
    Level 3 - High value, high assurance, or high safety (p. 11)
  Applying ASVS in Practice (p. 11)
  Assessment and Certification (p. 11)
    OWASP's Stance on ASVS Certifications and Trust Marks (p. 11)
    Guidance for Certifying Organizations (p. 11)
    Testing Method (p. 12)
  Other uses for the ASVS (p. 12)
    As Detailed Security Architecture Guidance (p. 12)
    As a Replacement for Off-the-shelf Secure Coding Checklists (p. 13)
    As a Guide for Automated Unit and Integration Tests (p. 13)
    For Secure Development Training (p. 13)
    As a Driver for Agile Application Security (p. 13)
    As a Framework for Guiding the Procurement of Secure Software (p. 13)
V1: Architecture, Design and Threat Modeling Requirements (p. 14)
  Control Objective (p. 14)
  V1.1 Secure Software Development Lifecycle Requirements (p. 14)
  V1.2 Authentication Architectural Requirements (p. 15)
  V1.3 Session Management Architectural Requirements (p. 15)
  V1.4 Access Control Architectural Requirements (p. 15)
  V1.5 Input and Output Architectural Requirements (p. 16)
  V1.6 Cryptographic Architectural Requirements (p. 16)
  V1.7 Errors, Logging and Auditing Architectural Requirements (p. 17)
  V1.8 Data Protection and Privacy Architectural Requirements (p. 17)
  V1.9 Communications Architectural Requirements (p. 17)
  V1.10 Malicious Software Architectural Requirements (p. 17)
  V1.11 Business Logic Architectural Requirements (p. 18)
  V1.12 Secure File Upload Architectural Requirements (p. 18)
  V1.13 API Architectural Requirements (p. 18)
  V1.14 Configuration Architectural Requirements (p. 18)
  References (p. 19)
V2: Authentication Verification Requirements (p. 20)
  Control Objective (p. 20)
  NIST 800-63 - Modern, evidence-based authentication standard (p. 20)
    Selecting an appropriate NIST AAL Level (p. 20)
  Legend (p. 20)
  V2.1 Password Security Requirements (p. 21)
  V2.2 General Authenticator Requirements (p. 22)
  V2.3 Authenticator Lifecycle Requirements (p. 23)
  V2.4 Credential Storage Requirements (p. 23)
  V2.5 Credential Recovery Requirements (p. 24)
  V2.6 Look-up Secret Verifier Requirements (p. 25)
  V2.7 Out of Band Verifier Requirements (p. 25)
  V2.8 Single or Multi Factor One Time Verifier Requirements (p. 26)
  V2.9 Cryptographic Software and Devices Verifier Requirements (p. 27)
  V2.10 Service Authentication Requirements (p. 27)
  Additional US Agency Requirements (p. 27)
  Glossary of terms (p. 28)
  References (p. 28)
V3: Session Management Verification Requirements (p. 29)
  Control Objective (p. 29)
  Security Verification Requirements (p. 29)
  V3.1 Fundamental Session Management Requirements (p. 29)
  V3.2 Session Binding Requirements (p. 29)
  V3.3 Session Logout and Timeout Requirements (p. 29)
  V3.4 Cookie-based Session Management (p. 30)
  V3.5 Token-based Session Management (p. 31)
  V3.6 Re-authentication from a Federation or Assertion (p. 31)
  V3.7 Defenses Against Session Management Exploits (p. 31)
    Description of the half-open Attack (p. 31)
  References (p. 32)
V4: Access Control Verification Requirements (p. 33)
  Control Objective (p. 33)
  Security Verification Requirements (p. 33)
  V4.1 General Access Control Design (p. 33)
  V4.2 Operation Level Access Control (p. 33)
  V4.3 Other Access Control Considerations (p. 33)
  References (p. 34)
V5: Validation, Sanitization and Encoding Verification Requirements (p. 35)
  Control Objective (p. 35)
  V5.1 Input Validation Requirements (p. 35)
  V5.2 Sanitization and Sandboxing Requirements (p. 36)
  V5.3 Output encoding and Injection Prevention Requirements (p. 36)
  V5.4 Memory, String, and Unmanaged Code Requirements (p. 37)
  V5.5 Deserialization Prevention Requirements (p. 37)
  References (p. 38)
V6: Stored Cryptography Verification Requirements (p. 39)
  Control Objective (p. 39)
  V6.1 Data Classification (p. 39)
  V6.2 Algorithms (p. 39)
  V6.3 Random Values (p. 40)
  V6.4 Secret Management (p. 40)
  References (p. 40)
V7: Error Handling and Logging Verification Requirements (p. 42)
  Control Objective (p. 42)
  V7.1 Log Content Requirements (p. 42)
  V7.2 Log Processing Requirements (p. 42)
  V7.3 Log Protection Requirements (p. 43)
  V7.4 Error Handling (p. 43)
  References (p. 44)
V8: Data Protection Verification Requirements (p. 45)
  Control Objective (p. 45)
  V8.1 General Data Protection (p. 45)
  V8.2 Client-side Data Protection (p. 45)
  V8.3 Sensitive Private Data (p. 46)
  References (p. 47)
V9: Communications Verification Requirements (p. 48)
  Control Objective (p. 48)
  V9.1 Communications Security Requirements (p. 48)
  V9.2 Server Communications Security Requirements (p. 48)
  References (p. 49)
V10: Malicious Code Verification Requirements (p. 50)
  Control Objective (p. 50)
  V10.1 Code Integrity Controls (p. 50)
  V10.2 Malicious Code Search (p. 50)
  V10.3 Deployed Application Integrity Controls (p. 51)
  References (p. 51)
V11: Business Logic Verification Requirements (p. 52)
  Control Objective (p. 52)
  V11.1 Business Logic Security Requirements (p. 52)
  References (p. 53)
V12: File and Resources Verification Requirements (p. 54)
  Control Objective (p. 54)
  V12.1 File Upload Requirements (p. 54)
  V12.2 File Integrity Requirements (p. 54)
  V12.3 File execution Requirements (p. 54)
  V12.4 File Storage Requirements (p. 55)
  V12.5 File Download Requirements (p. 55)
  V12.6 SSRF Protection Requirements (p. 55)
  References (p. 55)
V13: API and Web Service Verification Requirements (p. 56)
  Control Objective (p. 56)
  V13.1 Generic Web Service Security Verification Requirements (p. 56)
  V13.2 RESTful Web Service Verification Requirements (p. 56)
  V13.3 SOAP Web Service Verification Requirements (p. 57)
  V13.4 GraphQL and other Web Service Data Layer Security Requirements (p. 57)
  References (p. 59)
V14: Configuration Verification Requirements (p. 60)
  Control Objective (p. 60)
  V14.1 Build (p. 60)
  V14.2 Dependency (p. 61)
  V14.3 Unintended Security Disclosure Requirements (p. 61)
  V14.4 HTTP Security Headers Requirements (p. 62)
  V14.5 Validate HTTP Request Header Requirements (p. 62)
  References (p. 62)
Appendix A: Glossary (p. 63)
Appendix B: References (p. 65)
  OWASP Core Projects (p. 65)
  Mobile Security Related Projects (p. 65)
  OWASP Internet of Things related projects (p. 65)
  OWASP Serverless projects (p. 65)