(grammar) |
(minor tweaks) |
||
Line 561: | Line 561: | ||
| style="text-align: center;" | P2 | | style="text-align: center;" | P2 | ||
| style="text-align: center;" | Varies | | style="text-align: center;" | Varies | ||
| style="text-align: center;" | | | style="text-align: center;" | 6 | ||
| Varies | | Varies | ||
| Mandatory for websites that allow destructive changes<br>Unnecessary for all other websites<br>Most application frameworks have built-in CSRF tokenization to ease implementation | | Mandatory for websites that allow destructive changes<br>Unnecessary for all other websites<br>Most application frameworks have built-in CSRF tokenization to ease implementation | ||
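Review bot: The cell that changes from empty to 6 in this row is a bare number, nothing in the visible lines says what it ranks, and the edit summary "minor tweaks" does not mention it. If it is an ordering value, say so in the summary. Also check that a single number suits a row marked "Varies" whose notes call the control "Unnecessary for all other websites", because a fixed position can read as applying to every site.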
Line 589: | Line 589: | ||
| style="text-align: center;" | P2 | | style="text-align: center;" | P2 | ||
| style="text-align: center;" | Easy | | style="text-align: center;" | Easy | ||
| style="text-align: center;" | | | style="text-align: center;" | 5 | ||
| Mandatory for all websites | | Mandatory for all websites | ||
| Websites that don't use DENY or SAMEORIGIN must employ clickjacking defenses | | Websites that don't use DENY or SAMEORIGIN must employ clickjacking defenses |
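Review bot: The new value 5 in this row puts it directly ahead of the 6 given to the row in the previous hunk, although both rows are P2. Confirm that no other row in the table already uses 5 or 6, since the diff shows only these two cells being filled. The relative order is consistent with this row being "Easy" and "Mandatory for all websites" while the other is "Varies".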