SV-222447r508029_rule
V-222447
SRG-APP-000089
APSC-DV-000680
CAT II
10
Configure the web application and/or the web server to log HTTP headers.
Review the application documentation and interview the application administrator to identify log locations for application session activity.
Open the log file that tracks user session activity.
Access the application as a regular user and identify the user session within the log files.
Perform several actions within the application in order to generate HTTP header traffic.
Review the logs to ensure the HTTP header information is recorded in the logs. Header information logged will vary based upon the application and environment. Examples of headers include but are not limited to:
User-Agent:
Referer:
X-Forwarded-For:
Date:
Expires:
If HTTP headers are not logged, this is a finding.
V-222447
False
APSC-DV-000680
M
4093