Confirmed users
9,511
edits
WebAppSec/Secure Coding QA Checklist: Difference between revisions
WebAppSec/Secure Coding QA Checklist (view source)
Revision as of 20:34, 11 February 2016
, 11 February 2016no edit summary
No edit summary |
|||
| (3 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
=Author= | =Author= | ||
Michael Coates - mcoates [at] mozilla.com | Michael Coates - mcoates [at] mozilla.com - no longer with Mozilla | ||
= Status = | = Status = | ||
| Line 15: | Line 16: | ||
= Secure Coding QA Checklist = | = Secure Coding QA Checklist = | ||
== Test: Input Validation For User Controlled Data == | == Test: Input Validation For User Controlled Data == | ||
| Line 166: | Line 165: | ||
===Desired System Behavior=== | ===Desired System Behavior=== | ||
The X-Frame-Options header is present for all HTML pages on the website. The specified value of "DENY" or " | The X-Frame-Options header is present for all HTML pages on the website. The specified value of "DENY" or "SAMEORIGIN" is a decision made by the application owners. Either value is acceptable for this test. | ||
===Further information=== | ===Further information=== | ||