OWASP Annotated Application Security Verification Standard
latest
Browse by chapter:
1 Architecture, Design and Threat Modeling
2 Authentication
3 Session Management
4 Access Control
5 Validation, Sanitization and Encoding
6 Stored Cryptography
7 Error Handling and Logging
8 Data Protection
9 Communications
10 Malicious Code
11 Business Logic
12 Files and Resources
13 API and Web Service
14 Configuration
14.1 Build
14.2 Dependency
14.3 Unintended Security Disclosure Requirements
14.4 HTTP Security Headers Requirements
14.5 Validate HTTP Request Header Requirements
14.5.1 The application server only accepts the HTTP methods in use by the application or API
14.5.2 The supplied Origin header is not used for authentication or access control decision
14.5.3 CORS Access-Control-Allow-Origin header uses a strict white-list of trusted domains
14.5.4 TODO
OWASP Annotated Application Security Verification Standard
Docs
»
14 Configuration
»
14.5 Validate HTTP Request Header Requirements
14.5 Validate HTTP Request Header Requirements
ΒΆ
Browse by item:
14.5.1 The application server only accepts the HTTP methods in use by the application or API
14.5.2 The supplied Origin header is not used for authentication or access control decision
14.5.3 CORS Access-Control-Allow-Origin header uses a strict white-list of trusted domains
14.5.4 TODO