The smart Trick of application security audit checklist That No One is Discussing

If your web application performs HTTPS requests, make sure it verifies the certificate and host name.

Attempted logons must be controlled to prevent password guessing exploits and unauthorized access attempts. V-16791 Very low

What the company offers: BitArmor Security Suite, software that lets IT protect and control the life cycle of stored data. The product eliminates the need for public key infrastructure-based key management via a proprietary, automated technique.

The designer will ensure the application is compliant with IPv6 multicast addressing and features IPv6 network configuration options as outlined in RFC 4038.

Not every user should have access to your network. To keep out potential attackers, you need to recognize each user and each device.

The designer and IAO will ensure the audit trail is readable only by the application and auditors and protected against modification and deletion by unauthorized individuals.

The Test Manager will ensure code coverage statistics are maintained for each release of the application. Code coverage statistics describe how much of the source code has been executed according to the test strategies. V-16824 Small

Unauthorized individuals should not have access to the application or the data in it and should not be able to modify the application or the data in it. Inadequate security can prevent your application from being deployed.

The designer will ensure the application is compliant with the IPv6 addressing scheme as outlined in RFC 1884.

The designer will ensure applications requiring server authentication are PK-enabled. Applications not using PKI are at risk of containing many password vulnerabilities. PKI is the preferred method of authentication. V-6169 Medium

The designer will ensure the application supports detection and/or prevention of communication session hijacking.

Data is subject to manipulation and other integrity-related attacks whenever that data is transferred across a network. To protect data integrity during transmission, the application ought to ...

How the company got its start: Enterprise customers installed the content-security appliances from Touboul's former start-up, Finjan, then asked, "So, now we have a great security solution for users inside the corporate network, but what are we going to do with the traveling users connecting from elsewhere?"

The designer will ensure the application does not connect to a database using administrative credentials or other privileged database accounts.
