Tel.: 070 - 310.13.40
Fax: 070 310.13.41
Joseph Ledelstraat 92
2518 KM Den Haag
Scope
This checklist should be used when the Basic Web Application Audit Checklist is completed without
incident and a more thorough audit is desired. This checklist must always be used and presented as
an extension of the Basic Web Application Audit Checklist.
Usage
This checklist must only be used once the Basic Web Application Audit Checklist is completed without
incident. The Basic Web Application Audit Checklist and related results should always be included when
presenting the results of this checklist.
Every test on the checklist should be performed or explicitly marked as being not applicable. Once a
test is completed the checklist should be updated with the appropriate result icon and an optional
document cross reference. The filled-in checklist should not be delivered stand-alone but should be
incorporated in a document specifying at least the results, scope and context of the performed tests.
License
This work is licensed under a Creative Commons Attribution-No Derivative Works 3.0 Netherlands
License. The complete license text can be found online at http://creativecommons.org/licenses/by-nd/3.0/nl/. Contact Certified Secure if you want to receive a printed copy.
Explanation
Test was performed and results are okay
Test was performed and results require attention
Test was not applicable
Document:
Version:
Released:
Page:
1.0
Documentation
1.1
1.2
1.3
1.4
1.5
2.0
Audit Log
2.1
2.2
2.3
3.0
Multi-system Services
3.1
3.2
4.0
Design
4.1
The user interface layer must be separated from the logic and data layer
5.0
Information Disclosure
5.1
5.2
6.0
6.1
6.2
6.3
6.4
6.5
7.0
User Input
7.1
8.0
Sessions
8.1
Result
Ref
8.2
8.3
8.4
9.0
PHP Configuration
9.1
9.2
9.3
9.4
9.5
10.0
Miscellaneous
10.1