Create 8.2.1.yaml

OWASP · May 31, 2024 · f88068e · f88068e
1 parent b051e1b
commit f88068e
Showing 1 changed file with 33 additions and 0 deletions.
diff --git a/templates/8.2.1.yaml b/templates/8.2.1.yaml
@@ -0,0 +1,33 @@
+id: ASVS-4-0-3-V8-2-1
+
+info:
+  name: ASVS 8.2.1 Check
+  author: AmirHossein Raeisi
+  severity: low
+  classification:
+    cwe-id: CWE-525
+  reference:
+    - https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses
+    - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
+  tags: asvs,8.2.1
+  description: |
+    Verify the application sets sufficient anti-caching headers so that sensitive data is not cached in modern browsers.
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers:
+      - type: regex
+        part: header
+        regex:
+          - '(?i)cache-control:.*no-store'
+        negative: true
+
+      - type: Word
+        part: header
+        words:
+          - "Last-Modified"
+          - "Expires"
+          - "Pragma"