Confirmed users
491
edits
WebAppSec/Web App Severity Ratings: Difference between revisions
WebAppSec/Web App Severity Ratings (view source)
Revision as of 17:52, 1 December 2010
, 1 December 2010→Bugzilla Whiteboard Codes
| Line 61: | Line 61: | ||
==Bugzilla Whiteboard Codes== | ==Bugzilla Whiteboard Codes== | ||
{| cellspacing="1" cellpadding="1" border="1" style="width: 564px; height: 417px;" | {| cellspacing="1" cellpadding="1" border="1" style="width: 564px; height: 417px;" | ||
|- | |||
| [infrasec:access]<br> | |||
| Access Control<br> | |||
|- | |- | ||
| [infrasec:auth]<br> | | [infrasec:auth]<br> | ||
| Authentication (lockouts, password policy, etc)<br> | | Authentication (lockouts, password policy, etc)<br> | ||
|- | |- | ||
| [infrasec:cookie]<br> | | [infrasec:cookie]<br> | ||
| Cookie related errors (HTTPOnly / Secure Flag, incorrect domain / path)<br> | | Cookie related errors (HTTPOnly / Secure Flag, incorrect domain / path)<br> | ||
|- | |||
| [infrasec:crossdomain]<br> | |||
| Issue such as x-frame-options, crossdomain.xml, cross site sharing settings | |||
|- | |- | ||
| [infrasec:crypto] | | [infrasec:crypto] | ||
| Line 76: | Line 79: | ||
| [infrasec:csrf]<br> | | [infrasec:csrf]<br> | ||
| Lack of CSRF protection<br> | | Lack of CSRF protection<br> | ||
|- | |- | ||
| [infrasec:errorhandle]<br> | | [infrasec:errorhandle]<br> | ||