From e848627bec2cbddb31eb35eced9e009f9bc1df0d Mon Sep 17 00:00:00 2001 From: Hamed Salimian Date: Sun, 12 Nov 2023 06:08:10 +0000 Subject: [PATCH] Add 14.3.2 workflow --- templates/workflows/14.3.2.yaml | 40 +++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 templates/workflows/14.3.2.yaml diff --git a/templates/workflows/14.3.2.yaml b/templates/workflows/14.3.2.yaml new file mode 100644 index 0000000..ce7ab3e --- /dev/null +++ b/templates/workflows/14.3.2.yaml @@ -0,0 +1,40 @@ +id: ASVS-4-0-3-V14-3-2 + +info: + name: ASVS 14.3.2 Check + author: Hamed Salimian + severity: low + classification: + cwe-id: CWE-497 + reference: + - https://cheatsheetseries.owasp.org/cheatsheets/Error_Handling_Cheat_Sheet.html + tags: asvs,14.3.2,debug + description: | + Verify that web or application server and application framework debug modes are disabled in production to eliminate debug features, developer consoles, and unintended security disclosures. + +workflows: + - template: misconfiguration/symfony-debug.yaml + - template: exposures/logs/rails-debug-mode.yaml + - template: misconfiguration/debug/bottle-debug.yaml + - template: misconfiguration/debug/ampache-debug.yaml + - template: misconfiguration/laravel-debug-enabled.yaml + - template: misconfiguration/laravel-debug-infoleak.yaml + - template: misconfiguration/laravel-debug-error.yaml + - template: misconfiguration/aspx-debug-mode.yaml + - template: exposures/logs/jboss-seam-debug-page.yaml + - template: misconfiguration/struts-ognl-console.yaml + - template: exposures/logs/struts-problem-report.yaml + - template: misconfiguration/sitecore-debug-page.yaml + - template: exposures/logs/django-debug-exposure.yaml + - template: misconfiguration/rekognition-image-validation.yaml + - template: misconfiguration/browserless-debugger.yaml + - template: exposures/logs/struts-debug-mode.yaml + - template: misconfiguration/django-debug-detect.yaml + - template: misconfiguration/airflow/airflow-debug.yaml + - template: misconfiguration/php-debugbar-exposure.yaml + - template: misconfiguration/wamp-xdebug-detect.yaml + - template: misconfiguration/typo3-debug-mode.yaml + - template: exposures/logs/pyramid-debug-toolbar.yaml + - template: misconfiguration/php-errors.yaml + - template: vulnerabilities/jenkins/jenkins-stack-trace.yaml + - template: technologies/werkzeug-debugger-detect.yaml \ No newline at end of file