
Table Of Contents

1. INTRODUCTION
1.1 Background
1.2 Authority
1.3 Scope
1.4 Writing Conventions
1.5 Vulnerability Severity Code Definitions
1.6 DISA Information Assurance Vulnerability Management (IAVM)
1.7 STIG Distribution
1.8 Document Revisions
2. GENERAL INFORMATION
2.1 Web Server Security Administration
2.2 Recommended Process for Content Approval and Posting
2.3 Private and Public Web Servers
2.4 Network Configuration
Figure 2-1. Typical Web Server DMZ
2.5 Levels of Access Controls to Private Web Servers
Table 2-1. Minimum Web Server Access Control Requirements
2.6 Passwords
2.7 Web Server Backup and Recovery
3. WEB SERVER SOFTWARE SECURITY
3.1 Open Source Software
3.2 Service Packs and Patches
3.3 Installation
3.4 Configuration
3.5 Access Controls
3.6 Restrict Remote Authoring
3.7 Web Log Files and Banner Page
3.7.1 Log Files
3.7.2 Recommended Banner Page with Logging Policy
3.8 Development Web Servers
3.9 Classified Web Servers
3.10 File and Directory Access Rights for Web Servers
3.11 Microsoft Operating Systems
3.12 PKI
3.12.1 PKI Server Certificates
3.13 SSL/TLS
3.14 Symbolic Links
4. WEB SCRIPTS AND PROGRAM SECURITY
4.1 General
4.2 CGI Programs
4.3 Unvalidated Input
4.4 Mobile Code
4.5 PERL Scripts
4.6 JavaScript
4.7 Java Applications
4.8 Java Servlet Engines and Java Server Pages
4.9 JAVA 2 Enterprise Edition (J2EE)
4.9.1 Declarative Security
4.9.2 Programmatic Security
4.9.3 Realms, Principals, Roles, and Role References
4.9.3.1 Security Realms
4.9.3.2 Principals
4.9.3.3 Roles
4.9.3.4 Role References
4.10 Server Side Includes (SSIs)
4.11 Security Settings for Windows Script Host (WSH)
4.12 ASP.NET and Open Network Environment (ONE) Web Services
5. SECURITY OF OTHER WEB RELATED SERVICES
5.1 FTP
5.2 SMTP
5.3 Web Services
Figure 5-1. Basic Web Services Architecture
5.3.1 XML
5.3.1.1 XML Digital Signature (DSIG)
5.3.1.2 XML Data Encryption
5.3.2 SOAP
5.3.3 WSDL
5.3.4 Universal Discovery Description Integration (UDDI)
5.3.5 WS-Security
5.3.6 Security Assertions Markup Language (SAML)
5.4 Collaboration (Message Board) Servers
5.5 LDAP Server Security
5.6 Web Proxy Servers
5.7 Wireless Enabled Web Servers
APPENDIX A. RELATED PUBLICATIONS
APPENDIX B. SERVER CERTIFICATES
B.1 User Certificates
B.2 Server Certificates
APPENDIX C. LIST OF ACRONYMS
Web Server DISA


Published by dupduy


Published by: dupduy on Sep 17, 2010
Copyright: Attribution Non-commercial


10/31/2011
