Application Security and Development Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000219
<GroupDescription></GroupDescription>Group -
The application must not expose session IDs.
<VulnDiscussion>Authenticity protection provides protection against man-in-the-middle attacks/session hijacking and the insertion of false in...Rule High Severity -
SRG-APP-000220
<GroupDescription></GroupDescription>Group -
Applications must use system-generated session identifiers that protect against session fixation.
<VulnDiscussion>Session fixation allows an attacker to hijack a valid user’s application session. The attack focuses on the manner in which a...Rule Medium Severity -
SRG-APP-000223
<GroupDescription></GroupDescription>Group -
Applications must validate session identifiers.
<VulnDiscussion>Many web development frameworks such as PHP, .NET, and ASP include their own mechanisms for session management. Whenever poss...Rule Medium Severity -
SRG-APP-000223
<GroupDescription></GroupDescription>Group -
Applications must not use URL embedded session IDs.
<VulnDiscussion>Many web development frameworks such as PHP, .NET, and ASP include their own mechanisms for session management. Whenever poss...Rule Medium Severity -
SRG-APP-000223
<GroupDescription></GroupDescription>Group -
The application must not re-use or recycle session IDs.
<VulnDiscussion>Many web development frameworks such as PHP, .NET, and ASP include their own mechanisms for session management. Whenever poss...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules