STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide, Version 5, Release 1, Benchmark Date: 23 Oct 2020

The application must provide audit record generation capability for HTTP headers including User-Agent, Referer, GET, and POST.

DISA Rule

SV-222447r508029_rule

Vulnerability Number

V-222447

Group Title

SRG-APP-000089

Rule Version

APSC-DV-000680

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the web application and/or the web server to log HTTP headers.

Check Contents

Review the application documentation and interview the application administrator to identify log locations for application session activity.

Open the log file that tracks user session activity.

Access the application as a regular user and identify the user session within the log files.

Perform several actions within the application in order to generate HTTP header traffic.

Review the logs to ensure the HTTP header information is recorded in the logs. Header information logged will vary based upon the application and environment. Examples of headers include but are not limited to:

User-Agent:
Referer:
X-Forwarded-For:
Date:
Expires:

If HTTP headers are not logged, this is a finding.
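The fix and check above ask for audit records that capture request headers such as User-Agent, Referer and X-Forwarded-For. As an added example (not part of the STIG or of STIGQter), the following Python WSGI middleware writes one JSON audit line per request with the method, path and the headers listed in the check. Because these header values are supplied by the client, the example neutralises CR/LF and other control characters before writing them so a crafted header cannot forge an extra log line; the `sink` callable and the sample request are assumptions of this example.

```python
import json
import re
import time
from typing import Callable, Iterable

# Headers this audit record captures (the headers the STIG check lists as examples).
AUDITED_HEADERS = ("User-Agent", "Referer", "X-Forwarded-For", "Date", "Expires")

# Header values are client-controlled; strip CR/LF and other control
# characters so a crafted value cannot inject a fake log line.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def sanitize(value: str, max_len: int = 512) -> str:
    """Replace control characters with '?' and truncate over-long values."""
    cleaned = _CONTROL_CHARS.sub("?", value)
    return cleaned[:max_len]


def build_audit_record(environ: dict) -> dict:
    """Extract the audited HTTP headers from a WSGI environ into one record.

    WSGI exposes request headers as HTTP_<NAME> keys with '-' replaced by '_'.
    A missing header is recorded as '-' so its absence is visible in the log.
    """
    record = {
        "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "method": sanitize(environ.get("REQUEST_METHOD", "-")),
        "path": sanitize(environ.get("PATH_INFO", "-")),
        "query": sanitize(environ.get("QUERY_STRING", "")),
        "remote_addr": sanitize(environ.get("REMOTE_ADDR", "-")),
    }
    for name in AUDITED_HEADERS:
        key = "HTTP_" + name.upper().replace("-", "_")
        record[name] = sanitize(environ.get(key, "-"))
    return record


class HeaderAuditMiddleware:
    """WSGI middleware that emits one JSON audit line per request.

    `sink` (an assumption of this example) is any callable that accepts the
    formatted line, e.g. a logger method or an open file's write method.
    """

    def __init__(self, app: Callable, sink: Callable[[str], None]):
        self.app = app
        self.sink = sink

    def __call__(self, environ: dict, start_response: Callable) -> Iterable[bytes]:
        # Write the audit record before handing the request to the application.
        self.sink(json.dumps(build_audit_record(environ), sort_keys=True))
        return self.app(environ, start_response)


# Constructed sample request; the User-Agent carries a CRLF log-injection attempt.
SAMPLE_ENVIRON = {
    "REQUEST_METHOD": "POST",
    "PATH_INFO": "/login",
    "QUERY_STRING": "",
    "REMOTE_ADDR": "203.0.113.7",
    "HTTP_USER_AGENT": "Mozilla/5.0\r\n{\"method\": \"DELETE\"}",
    "HTTP_REFERER": "https://app.example/home",
    "HTTP_X_FORWARDED_FOR": "198.51.100.2",
}


def demo_record() -> dict:
    """Return the audit record produced for the constructed sample request."""
    return build_audit_record(SAMPLE_ENVIRON)


if __name__ == "__main__":
    lines = []
    app = HeaderAuditMiddleware(lambda env, sr: [b"ok"], lines.append)
    app(SAMPLE_ENVIRON, lambda status, headers: None)
    print(lines[0])
```

When reviewing such logs for this check, look for the header fields in every request record, including the '-' placeholder for absent headers, and confirm that values containing control characters appear escaped rather than as new lines.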

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4093

Comments