OWASP Annotated Application Security Verification Standard

v7 Cryptography at rest verification requirements

  • 7.2 Crypto fails securely
  • 7.6 Random numbers, file names, GUIDs and strings are sufficiently random
  • 7.7 Crypto modules have been validated against FIPS 140-2 or equivalent
  • 7.8 Crypto modules operate in their approved mode
  • 7.9 Policy for cryptographic key management exists and is enforced
  • 7.11 Cryptographic processes are isolated
  • 7.12 PII is encrypted at rest and protected during communication
  • 7.13 Keys and secrets are zeroed when destroyed
  • 7.14 Secrets are replaceable and placed at installation
  • 7.15 Random numbers are sufficiently random even under load

© Copyright 2015, Boy Baukema Revision 471fcb0a.
