STIGQter STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 4 Release: 9 Benchmark Date: 25 Jan 2019: Applications must validate session identifiers.

DISA Rule

SV-84833r1_rule

Vulnerability Number

V-70211

Group Title

SRG-APP-000223

Rule Version

APSC-DV-002260

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the application to configure user session identifiers.

Check Contents

Review the application documentation and interview the application administrator.

Identify how the application validates session IDs.

If using a web development framework, ask the application administrator to provide details on the framework's session configuration as it relates to session validation.

If the application is not configured to validate user session identifiers, this is a finding.

Vulnerability Number

V-70211

Documentable

False

Rule Version

APSC-DV-002260

Severity Override Guidance

Review the application documentation and interview the application administrator.

Identify how the application validates session IDs.

If using a web development framework, ask the application administrator to provide details on the framework's session configuration as it relates to session validation.

If the application is not configured to validate user session identifiers, this is a finding.

Check Content Reference

M

Target Key

3009

Comments