Skip to content

Commit

Permalink
Update 0x16-V8-Data-Protection.md
Browse files Browse the repository at this point in the history
  • Loading branch information
tghosth committed Jul 27, 2023
1 parent 3b18e63 commit d5eb1db
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion 5.0/en/0x16-V8-Data-Protection.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ Ensure that a verified application satisfies the following high level data prote

| # | Description | L1 | L2 | L3 | CWE |
| :---: | :--- | :---: | :---: | :---: | :---: |
| **8.2.1** | [MODIFIED] Verify the application sets sufficient anti-caching headers (i.e. Cache-Control: no-store) so that sensitive data is not cached in browsers. |||| 525 |
| **8.2.1** | [MODIFIED] Verify that the application sets sufficient anti-caching headers (i.e. Cache-Control: no-store) so that sensitive data is not cached in browsers. |||| 525 |
| **8.2.2** | [MODIFIED, MERGED FROM 3.2.3] Verify that data stored in browser storage (such as localStorage, sessionStorage, IndexedDB, or cookies) does not contain sensitive data, with the exception of session tokens which should be stored in either cookies or sessionStorage. |||| 922 |
| **8.2.3** | [MODIFIED] Verify that authenticated data is cleared from client storage, such as the browser DOM, after the client or session is terminated. The "Clear-Site-Data header" may be able to help with this but the client-side should also be able to clear up if the server connection is lost. |||| 922 |

Expand Down

0 comments on commit d5eb1db

Please sign in to comment.