# _config.yml — Jekyll configuration for the TSS-WEB site (minimal-mistakes theme).

# Site identity
url: 'https://tss-web.secodis.com'
title: 'TSS-WEB'
description: 'An open security requirement framework for web-based applications and services.'
# NOTE(review): minimal-mistakes documents `author` as a mapping (name/avatar/links);
# a plain string is mainly consumed by jekyll-seo-tag. author_profile is off in the
# page defaults, so the difference is presumably cosmetic — confirm.
author: 'Matthias Rohr'
logo: '/assets/img/logo1.png'
avatar: '/assets/img/logo1.png'

# Theme. The theme is downloaded from GitHub at build time (jekyll-remote-theme;
# GitHub Pages loads that plugin implicitly, a local or CI build needs it in the
# Gemfile and plugin list). The pin is a release tag, which is good practice, but
# a tag is mutable — pin to a full commit SHA if reproducible builds matter.
remote_theme: 'mmistakes/minimal-mistakes@4.26.2'
minimal_mistakes_skin: 'default'  # "air", "aqua", "contrast", "dark", "dirt", "neon", "mint", "plum", "sunrise"
# Repository slug, presumably consumed by jekyll-github-metadata / the theme.
repository: 'Secodis/TSS-WEB'
enable_copy_code_button: true
# jekyll-titles-from-headings: derive a page title from its first heading when the
# front matter has none. GitHub Pages enables this plugin by default; a local build
# needs the gem explicitly.
titles_from_headings:
  enabled: true
  strip_title: true  # remove the heading from the body once it became the title
  collections: true  # apply to collection documents as well as pages
# Site search via Google Programmable Search. The engine ID is a public identifier
# (it is emitted into the page), not a secret. Note that the theme will load
# Google's CSE script from a third-party origin; if a Content-Security-Policy is
# ever added to the site, that origin must be allowed.
search: true
search_provider: 'google'
google:
  search_engine_id: '75489f1b156bd4879'
# Structured-data (jekyll-seo-tag) hints; all intentionally unset.
# Keep unset keys as bare/null values rather than `''` or `[]`: Liquid treats an
# empty string and an empty array as truthy, so the theme's `{% if ... %}` guards
# would start emitting markup for them.
social:
  type:   # Person or Organization (defaults to Person)
  name:   # only needed if it differs from the site title
  links:
# Files kept out of the generated site. Besides tidiness this keeps Gemfile.lock
# off the public site, which would otherwise enumerate exact dependency versions.
# NOTE(review): if deployment ever switches to publishing the built `_site`
# directory directly, CNAME must not be excluded or the custom domain is lost.
exclude:
  - 'CHANGELOG.md'
  - 'CNAME'
  - 'Gemfile'
  - 'Gemfile.lock'
# Source encoding and the extensions Jekyll treats as Markdown (comma-separated).
encoding: 'utf-8'
markdown_ext: 'markdown,mkdown,mkdn,mkd,md'
# Jekyll plugins. All of these are on the GitHub Pages allow-list.
plugins:
  # - jekyll-paginate   # disabled
  - jekyll-sitemap
  # `{% gist %}` embeds a <script> served by gist.github.com at page load, i.e.
  # third-party executable content — only embed gists the project controls.
  - jekyll-gist
  # - jekyll-feed       # disabled
  # Renders :emoji: shortcodes as images from GitHub's asset CDN.
  - jemoji
  - jekyll-include-cache  # required by minimal-mistakes (`include_cached`)
# Theme option: suppress the feed link in the footer. jekyll-feed is disabled
# above, so no feed is generated anyway.
atom_feed:
  hide: true
# Footer links rendered by the theme.
footer:
  links:
    - label: 'GitHub'
      icon: 'fab fa-fw fa-github'
      url: 'https://github.com/Secodis/TSS-WEB/'
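# Front-matter defaults applied by scope.
defaults:
  # _pages
  - scope:
      path: ""
      type: pages
    values:
      layout: single
      author_profile: false
      comments: false  # no third-party comment widget is loaded
      # Fixed: the original had a duplicate `sidebar` key here (`sidebar: toc`
      # followed by `sidebar: {nav: docs}`). YAML parsers keep the last value,
      # so `toc` never took effect; the dead line is removed. If a table of
      # contents was intended, add `toc: true` instead.
      sidebar:
        nav: "docs"
  # NOTE(review): no `collections:` block in this file declares a `docs`
  # collection, so this scope appears to match nothing unless the collection is
  # declared elsewhere — confirm or drop it.
  - scope:
      path: ""
      type: docs
    values:
      sidebar:
        nav: "docs"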
# Search-engine ownership verification tokens, presumably emitted as <meta>
# verification tags by jekyll-seo-tag. They are meant to be public, so committing
# them here is fine; all are currently unset (null), which suppresses the tags.
google_site_verification:
bing_site_verification:
yandex_site_verification:
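# -----------------------------------------------------------------------------
# Navigation / cross-reference table. Each TITLE_* / URL_* pair is a site
# variable, presumably referenced from layouts and pages as `site.TITLE_…` /
# `site.URL_…`. The KEY names are therefore an interface: do not rename them
# (this includes the misspelled keys *_SEPERATION, *_MAINTANENCE and
# *_ENCRYPT-TANSIT) without updating every template that uses them. Values may
# be corrected, but where a target page builds its heading from the same TITLE
# variable, the TITLE and the `#anchor` in the URL must be changed together.
# -----------------------------------------------------------------------------
TITLE_GENERAL_REQUIREMENTS: "Types of Requirements"
URL_GENERAL_REQUIREMENTS: /General/Requirements
TITLE_GENERAL_TERMS: "Terms"
URL_GENERAL_TERMS: /General/Terms
TITLE_GENERAL_ROLES: "Roles"
URL_GENERAL_ROLES: /General/Roles
TITLE_GENERAL_RISKCLASSES: "Risk Classes"
URL_GENERAL_RISKCLASSES: /General/RiskClasses
TITLE_GENERAL_FAQ: "FAQ"
URL_GENERAL_FAQ: /General/FAQ
TITLE_GENERAL_LICENSE: "License"
# NOTE(review): this is a site-relative path; the CC BY 4.0 deed lives at
# https://creativecommons.org/licenses/by/4.0/deed.en. Unless the consuming
# template prepends that host, this link 404s on the site — verify.
URL_GENERAL_LICENSE: /licenses/by/4.0/deed.en

# Part A: SSDLC controls
TITLE_SSDLC_CONTROLS: "Part A: SSDLC Controls"
URL_SSDLC_CONTROLS: /#part-a-ssdlc-controls
TITLE_SSDLC_SECENV: "A.1 - Secure Dev Environment"
URL_SSDLC_SECENV: /Controls/SSDLC_Secure-Dev-Environment
TITLE_SSDLC_SECENV_ACCESS: "A.1.1 Securing Access to the Development Environment"
URL_SSDLC_SECENV_ACCESS: /Controls/SSDLC_Secure-Dev-Environment#a11-securing-access-to-the-development-environment
TITLE_SSDLC_SECENV_CODEPROTECT: "A.1.2 Protection of Source and Program Code"
URL_SSDLC_SECENV_CODEPROTECT: /Controls/SSDLC_Secure-Dev-Environment#a12-protection-of-source-and-program-code
TITLE_SSDLC_SECENV_PIPELINESEC: "A.1.3 Pipeline Security"
URL_SSDLC_SECENV_PIPELINESEC: /Controls/SSDLC_Secure-Dev-Environment#a13-pipeline-security
TITLE_SSDLC_SECDEV: "A.2 - Secure Development Process"
URL_SSDLC_SECDEV: /Controls/SSDLC_Secure-Development
TITLE_SSDLC_SECDEV_ROLES: "A.2.1 Roles & Responsibilities"
URL_SSDLC_SECDEV_ROLES: /Controls/SSDLC_Secure-Development#a21-roles--responsibilities
# "Planing" (sic) is mirrored in the anchor slug below; correct both together.
TITLE_SSDLC_SECDEV_SECPLANING: "A.2.2 Security Planing"
URL_SSDLC_SECDEV_SECPLANING: /Controls/SSDLC_Secure-Development#a22-security-planing
TITLE_SSDLC_SECDEV_SECDESIGN: "A.2.3 Secure Design"
URL_SSDLC_SECDEV_SECDESIGN: /Controls/SSDLC_Secure-Development#a23-secure-design
TITLE_SSDLC_SECDEV_SECIMP: "A.2.4 Secure Implementation"
URL_SSDLC_SECDEV_SECIMP: /Controls/SSDLC_Secure-Development#a24-secure-implementation
TITLE_SSDLC_SECDEV_BUILD: "A.2.5 Secure Build & Deployment"
URL_SSDLC_SECDEV_BUILD: /Controls/SSDLC_Secure-Development#a25-secure-build--deployment
TITLE_SSDLC_SECDEV_3RDPARTY: "A.2.6 Securing Third-Party Dependencies"
# NOTE(review): the anchor reads "security-of-third-party-dependencies" while
# the title says "Securing …"; one of the two does not match the page heading.
URL_SSDLC_SECDEV_3RDPARTY: /Controls/SSDLC_Secure-Development#a26-security-of-third-party-dependencies
TITLE_SSDLC_SECDEV_SECGATES: "A.2.7 Security Gates"
URL_SSDLC_SECDEV_SECGATES: /Controls/SSDLC_Secure-Development#a27-security-gates
TITLE_SSDLC_SECTESTS: "A.3 - Security Tests"
URL_SSDLC_SECTESTS: /Controls/SSDLC_Security-Tests
TITLE_SSDLC_SECTESTS_GEN: "A.3.1 General Requirements"
URL_SSDLC_SECTESTS_GEN: /Controls/SSDLC_Security-Tests#a31-general-requirements
TITLE_SSDLC_SECTESTS_DEFECTH: "A.3.2 Handling Security Findings"
URL_SSDLC_SECTESTS_DEFECTH: /Controls/SSDLC_Security-Tests#a32-handling-security-findings
TITLE_SSDLC_SECTESTS_SECSCANS: "A.3.3 Automated Security Scans"
URL_SSDLC_SECTESTS_SECSCANS: /Controls/SSDLC_Security-Tests#a33-automated-security-scans
# A.3.4 / A.3.5 use "N - Title" where the sibling entries use "N Title"; the
# anchors mirror that, so the style can only be unified together with the pages.
TITLE_SSDLC_SECTESTS_CUSTOMTESTS: "A.3.4 - Custom Security Tests"
URL_SSDLC_SECTESTS_CUSTOMTESTS: /Controls/SSDLC_Security-Tests#a34---custom-security-tests
TITLE_SSDLC_SECTESTS_PENTESTS: "A.3.5 - Pentests"
URL_SSDLC_SECTESTS_PENTESTS: /Controls/SSDLC_Security-Tests#a35---pentests
TITLE_SSDLC_OUTDEV: "A.4 - Outsourced Development"
URL_SSDLC_OUTDEV: /Controls/SSDLC_Outsourced-Development
TITLE_SSDLC_SECOP: "A.5 - Secure Operation"
URL_SSDLC_SECOP: /Controls/SSDLC_Secure-Operation
TITLE_SSDLC_SECOP_SEPERATION: "A.5.1 Environment Separation"
URL_SSDLC_SECOP_SEPERATION: /Controls/SSDLC_Secure-Operation#a51-environment-separation
TITLE_SSDLC_SECOP_HARDENING: "A.5.2 System Hardening"
URL_SSDLC_SECOP_HARDENING: /Controls/SSDLC_Secure-Operation#a52-system-hardening
TITLE_SSDLC_SECOP_CONTAINERSEC: "A.5.3 Container Security"
URL_SSDLC_SECOP_CONTAINERSEC: /Controls/SSDLC_Secure-Operation#a53-container-security
TITLE_SSDLC_SECOP_SECBACKEND: "A.5.4 Securing Access to Backend Resources"
URL_SSDLC_SECOP_SECBACKEND: /Controls/SSDLC_Secure-Operation#a54-securing-access-to-backend-resources
TITLE_SSDLC_SECOP_ISOLATION: "A.5.5 Isolation of External Systems"
URL_SSDLC_SECOP_ISOLATION: /Controls/SSDLC_Secure-Operation#a55-isolation-of-external-systems
TITLE_SSDLC_SECOP_ADMINACCESS: "A.5.6 Administrative Access"
URL_SSDLC_SECOP_ADMINACCESS: /Controls/SSDLC_Secure-Operation#a56-administrative-access
TITLE_SSDLC_SECOP_SECSCANNING: "A.5.7 Security Scanning in Production"
URL_SSDLC_SECOP_SECSCANNING: /Controls/SSDLC_Secure-Operation#a57-security-scanning-in-production
TITLE_SSDLC_SECOP_MONITORING: "A.5.8 Security Monitoring and Alerting"
# NOTE(review): the anchor lacks the "-and-alerting" suffix this title would
# produce; confirm against the heading on the target page.
URL_SSDLC_SECOP_MONITORING: /Controls/SSDLC_Secure-Operation#a58-security-monitoring
TITLE_SSDLC_SECOP_MAINTANENCE: "A.5.9 System Maintenance"
URL_SSDLC_SECOP_MAINTANENCE: /Controls/SSDLC_Secure-Operation#a59-system-maintenance
TITLE_SSDLC_SECOP_VULNREMED: "A.5.10 Vulnerability Management"
URL_SSDLC_SECOP_VULNREMED: /Controls/SSDLC_Secure-Operation#a510-vulnerability-management
TITLE_SSDLC_SECOP_INCIDENTMGMT: "A.5.11 Incident Management"
# Fixed: the page path was misspelled "SSDLC_Secure-Operationn" and did not
# match the other A.5.x entries, producing a dead link.
URL_SSDLC_SECOP_INCIDENTMGMT: /Controls/SSDLC_Secure-Operation#a511-incident-management

# Part B: secure implementation controls
TITLE_IMPL_CONTROLS: "Part B: Secure Implementation Controls"
URL_IMPL_CONTROLS: /#part-b-secure-implementation-controls
TITLE_IMPL_PRINCIPLES: "B.1 - Secure Design Principles"
URL_IMPL_PRINCIPLES: /Controls/SecImpl_Secure-Design-Principles
TITLE_IMPL_INPUTVAL: "B.2 - Input Validation"
URL_IMPL_INPUTVAL: /Controls/SecImpl_InputVal
TITLE_IMPL_INPUTVAL_GENERAL: "B.2.1 General Requirements"
URL_IMPL_INPUTVAL_GENERAL: /Controls/SecImpl_InputVal#b21-general-requirements
TITLE_IMPL_INPUTVAL_UIs: "B.2.2 Additional Requirements for Web-based UIs"
URL_IMPL_INPUTVAL_UIs: /Controls/SecImpl_InputVal#b22-additional-requirements-for-web-based-uis
TITLE_IMPL_FILEUPLOADS: "B.3 - Secure Fileuploads and Downloads"
URL_IMPL_FILEUPLOADS: /Controls/SecImpl_FileUploads
TITLE_IMPL_FILEUPLOADS_AUTH: "B.3.1 Authentication"
URL_IMPL_FILEUPLOADS_AUTH: /Controls/SecImpl_FileUploads#b31-authentication
TITLE_IMPL_FILEUPLOADS_STORAGE: "B.3.2 Storage"
URL_IMPL_FILEUPLOADS_STORAGE: /Controls/SecImpl_FileUploads#b32-storage
TITLE_IMPL_FILEUPLOADS_LIMITATION: "B.3.3 Limitation"
URL_IMPL_FILEUPLOADS_LIMITATION: /Controls/SecImpl_FileUploads#b33-limitation
TITLE_IMPL_FILEUPLOADS_VALIDATION: "B.3.4 Validation"
URL_IMPL_FILEUPLOADS_VALIDATION: /Controls/SecImpl_FileUploads#b34-validation
TITLE_IMPL_FILEUPLOADS_SANITIZATION: "B.3.5 Sanitization"
URL_IMPL_FILEUPLOADS_SANITIZATION: /Controls/SecImpl_FileUploads#b35-sanitization
TITLE_IMPL_FILEUPLOADS_DOWNLOADS: "B.3.6 Downloads"
URL_IMPL_FILEUPLOADS_DOWNLOADS: /Controls/SecImpl_FileUploads#b36-downloads
TITLE_IMPL_OUTPUTVAL: "B.4 - Output Validation & Encoding"
URL_IMPL_OUTPUTVAL: /Controls/SecImpl_OutputVal
TITLE_IMPL_USERAUTH: "B.5 - Secure User Registration & Authentication"
URL_IMPL_USERAUTH: /Controls/SecImpl_UserAuth
# NOTE(review): the two anchors below look like slugs of the raw Liquid tag
# (`{{ site.TITLE_IMPL_USERAUTH_REG }}` → "sitetitle_impl_userauth_reg") rather
# than of the rendered heading; verify they resolve on the built page.
TITLE_IMPL_USERAUTH_REG: "B.5.1 - User Registration"
URL_IMPL_USERAUTH_REG: /Controls/SecImpl_UserAuth#sitetitle_impl_userauth_reg
TITLE_IMPL_USERAUTH_AUTH: "B.5.2 - User Authentication"
URL_IMPL_USERAUTH_AUTH: /Controls/SecImpl_UserAuth#sitetitle_impl_userauth_auth
TITLE_IMPL_USERPASSWD: "B.6 - User Passwords"
URL_IMPL_USERPASSWD: /Controls/SecImpl_User-Passwords
TITLE_IMPL_USERPASSWD_GENERAL: "B.6.1 General"
URL_IMPL_USERPASSWD_GENERAL: /Controls/SecImpl_User-Passwords#b61-general
TITLE_IMPL_USERPASSWD_PWCHANGE: "B.6.2 Password Change Functions"
URL_IMPL_USERPASSWD_PWCHANGE: /Controls/SecImpl_User-Passwords#b62-password-change-functions
TITLE_IMPL_USERPASSWD_PWFORGET: "B.6.3 Password Forgot Functions"
URL_IMPL_USERPASSWD_PWFORGET: /Controls/SecImpl_User-Passwords#b63-password-forgot-functions
TITLE_IMPL_SESSIONMGMT: "B.7 - Secure Session Management"
URL_IMPL_SESSIONMGMT: /Controls/SecImpl_SessionMgmt
TITLE_IMPL_SESSIONMGMT_GENERAL: "B.7.1 General"
URL_IMPL_SESSIONMGMT_GENERAL: /Controls/SecImpl_SessionMgmt#b71-general
TITLE_IMPL_SESSIONMGMT_COOKIES: "B.7.2 Session Cookies"
URL_IMPL_SESSIONMGMT_COOKIES: /Controls/SecImpl_SessionMgmt#b72-session-cookies
TITLE_IMPL_SESSIONMGMT_AUTH: "B.7.3 Authenticated Sessions"
URL_IMPL_SESSIONMGMT_AUTH: /Controls/SecImpl_SessionMgmt#b73-authenticated-sessions
TITLE_IMPL_SESSIONMGMT_CSRF: "B.7.4 CSRF Protection"
URL_IMPL_SESSIONMGMT_CSRF: /Controls/SecImpl_SessionMgmt#b74-csrf-protection
TITLE_IMPL_AUTHZ: "B.8 - Authorization"
URL_IMPL_AUTHZ: /Controls/SecImpl_Access-Control
TITLE_IMPL_ERRORLOG: "B.9 - Error Handling and Logging"
URL_IMPL_ERRORLOG: /Controls/SecImpl_Error-Handling-and-Logging
TITLE_IMPL_DATASEC: "B.10 - Data Security"
URL_IMPL_DATASEC: /Controls/SecImpl_Data-Security
TITLE_IMPL_DATASEC_GENERAL: "B.10.1 General"
URL_IMPL_DATASEC_GENERAL: /Controls/SecImpl_Data-Security#b101-general
TITLE_IMPL_DATASEC_ENCRYPT-TANSIT: "B.10.2 Encryption at Transit"
URL_IMPL_DATASEC_ENCRYPT-TANSIT: /Controls/SecImpl_Data-Security#b102-encryption-at-transit
# NOTE(review): "B.10.2" is used twice (Encryption at Transit and X.509
# Certificates); the number of one of them — and its anchor — is probably
# stale. Check against the headings of the Data-Security page.
TITLE_IMPL_DATASEC_CERTS: "B.10.2 X.509 Certificates"
URL_IMPL_DATASEC_CERTS: /Controls/SecImpl_Data-Security#b102-x509-certificates
TITLE_IMPL_DATASEC_ENCRYPT-REST: "B.10.3 Encryption at Rest"
URL_IMPL_DATASEC_ENCRYPT-REST: /Controls/SecImpl_Data-Security#b103-encryption-at-rest
TITLE_IMPL_DATASEC_INTEGRITY: "B.10.4 Cryptographic Integrity Checks"
URL_IMPL_DATASEC_INTEGRITY: /Controls/SecImpl_Data-Security#b104-cryptographic-integrity-checks
TITLE_IMPL_DATASEC_TOKENS: "B.10.5 Tokens / Keys"
URL_IMPL_DATASEC_TOKENS: /Controls/SecImpl_Data-Security#b105-tokens--keys
TITLE_IMPL_SECRETS: "B.11 - Protection of Secrets"
URL_IMPL_SECRETS: /Controls/SecImpl_Secrets
TITLE_IMPL_APISEC: "B.12 - API Security"
URL_IMPL_APISEC: /Controls/SecImpl_API-Security
TITLE_IMPL_APISEC_GENERAL: "B.12.1 General"
URL_IMPL_APISEC_GENERAL: /Controls/SecImpl_API-Security#b121-general
TITLE_IMPL_APISEC_AUTH: "B.12.2 Authentication"
URL_IMPL_APISEC_AUTH: /Controls/SecImpl_API-Security#b122-authentication
TITLE_IMPL_APISEC_ACCESS-TOKENS: "B.12.3 Access Tokens"
URL_IMPL_APISEC_ACCESS-TOKENS: /Controls/SecImpl_API-Security#b123-access-tokens
# "OICD" (should read OIDC) is mirrored in the anchor slug; correct both together.
TITLE_IMPL_APISEC_OAUTH2: "B.12.4 OAuth 2.0/OICD Requirements"
URL_IMPL_APISEC_OAUTH2: /Controls/SecImpl_API-Security#b124-oauth-20oicd-requirements
TITLE_IMPL_APISEC_FRONTEND-APIS: "B.12.5 Frontend APIs"
URL_IMPL_APISEC_FRONTEND-APIS: /Controls/SecImpl_API-Security#b125-frontend-apis
TITLE_IMPL_APISEC_X-DOMAIN-ACCESS: "B.12.6 Cross-Domain Access"
URL_IMPL_APISEC_X-DOMAIN-ACCESS: /Controls/SecImpl_API-Security#b126-cross-domain-access
TITLE_IMPL_APISEC_WEBSOCKETS: "B.12.7 WebSockets"
# Fixed: the page path was misspelled "SecImpl_API-Securityy" and did not match
# the other B.12.x entries, producing a dead link.
URL_IMPL_APISEC_WEBSOCKETS: /Controls/SecImpl_API-Security#b127-websockets
TITLE_IMPL_CLIENTSEC: "B.13 - Client-Side Security"
URL_IMPL_CLIENTSEC: /Controls/SecImpl_Client-Side-Security
TITLE_IMPL_HTTPHEADERSEC: "B.14 - HTTP Header Security"
URL_IMPL_HTTPHEADERSEC: /Controls/SecImpl_HTTP-Header-Security

# Supplementary material: mappings to other frameworks
TITLE_MATERIAL_TOPTENMAPPING: "OWASP Top Ten Mapping"
URL_MATERIAL_TOPTENMAPPING: /Material/OWASP_Top_Ten_Mapping
TITLE_MATERIAL_SAMMMAPPING: "OWASP SAMM Mapping (Draft)"
URL_MATERIAL_SAMMMAPPING: /Material/OWASP_SAMM-2.0-Mapping
TITLE_MATERIAL_MSSDLMAPPING: "MS SDL Mapping"
URL_MATERIAL_MSSDLMAPPING: /Material/Microsoft_SDL_Mapping
TITLE_MATERIAL_SSDFMAPPING: "NIST SSDF Mapping"
URL_MATERIAL_SSDFMAPPING: /Material/NIST_SSDF_Mapping
TITLE_MATERIAL_SAFECODEMAPPING: "SAFECode SSDLC Practices Mapping (Draft)"
URL_MATERIAL_SAFECODEMAPPING: /Material/SAFECode_SSDLC_Mapping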