Mechanisms exist to prevent unauthorized code from being present in a secure page as it is rendered in a client’s browser.
Mechanisms exist to utilize a Demilitarized Zone (DMZ) to restrict inbound traffic to authorized devices on certain services, protocols and ports.
Mechanisms exist to deploy Web Application Firewalls (WAFs) to provide defense-in-depth protection for application-specific threats.
Mechanisms exist to deploy reasonably-expected security controls to protect the confidentiality and availability of client data that is stored, transmitted or processed by the Internet-based service.
Mechanisms exist to provide individuals with clear and precise information about cookies, in accordance with applicable legal requirements for cookie management.
Mechanisms exist to implement Strong Customer Authentication (SCA) for consumers to reasonably prove their identity.
Mechanisms exist to ensure the Open Web Application Security Project (OWASP) Application Security Verification Standard is incorporated into the organization's Secure Systems Development Lifecycle (SSDLC) process.
Mechanisms exist to ensure a robust Web Application Framework is used to aid in the development of secure web applications, including web services, web resources and web APIs.
Mechanisms exist to ensure all input handled by a web application is validated and/or sanitized.
Mechanisms exist to ensure all web application content is delivered using cryptographic mechanisms (e.g., TLS).