NIST mapping names added

owtf · Aug 20, 2014 · 3745111 · 3745111
1 parent 4469806
commit 3745111
Showing 1 changed file with 67 additions and 67 deletions.
diff --git a/profiles/mappings/default.cfg b/profiles/mappings/default.cfg
@@ -12,229 +12,229 @@
 [OWTF-IG-001]
 OWASP_V3: OWASP-IG-001_____Spiders Robots and Crawlers
 OWASP_V4: OTF-INFO-003_____Review Webserver Metafiles for Information Leakage
-NIST: AU-13_____To Be Filled By Anirudh
+NIST: AU-13_____MONITORING FOR INFORMATION DISCLOSURE
 
 [OWTF-IG-002]
 OWASP_V3: OWASP-IG-002_____Search Engine Discovery/Reconnaissance
 OWASP_V4: OTG-INFO-001_____Conduct Search Engine Discovery and Reconnaissance
-NIST: AU-13_____To Be Filled By Anirudh
+NIST: AU-13_____MONITORING FOR INFORMATION DISCLOSURE
 
 [OWTF-IG-003]
 OWASP_V3: OWASP-IG-003_____Identify application entry points
 OWASP_V4: OTG-INFO-006_____Identify application entry points
-NIST: AU-13_____To Be Filled By Anirudh
+NIST: AU-13_____MONITORING FOR INFORMATION DISCLOSURE
 
 [OWTF-IG-004]
 OWASP_V3: OWASP-IG-004_____Testing for Web Application Fingerprint
 OWASP_V4: OTG-INFO-002_____Fingerprint Web Server
-NIST: AU-13_____To Be Filled By Anirudh
+NIST: AU-13_____MONITORING FOR INFORMATION DISCLOSURE
 
 [OWTF-IG-005]
 OWASP_V3: OWASP-IG-005_____Application Discovery
 OWASP_V4: OTG-INFO-004_____Enumerate Applications on Webserver
-NIST: AU-13_____To Be Filled By Anirudh
+NIST: AU-13_____MONITORING FOR INFORMATION DISCLOSURE
 
 [OWTF-IG-006]
 OWASP_V3: OWASP-IG-006_____Analysis of Error Codes
 OWASP_V4: OTG-ERR-001_____Analysis of Error Codes
-NIST: SI-11_____To Be Filled By Anirudh
+NIST: SI-11_____ERROR HANDLING
 
 [OWTF-CM-001]
 category: TLS
 OWASP_V3: OWASP-CM-001_____SSL/TLS Testing
 OWASP_V4: OTG-INFO-011_____Map Network and Application Architecture
-NIST: SC-13_____To Be Filled By Anirudh
+NIST: SC-13_____CRYPTOGRAPHIC PROTECTION
 
 [OWTF-CM-002]
 OWASP_V3: OWASP-CM-002_____DB Listener Testing
 OWASP_V4: OTG-CONFIG-002_____Test Application Platform Configuration
-NIST: AC-03_____To Be Filled By Anirudh
+NIST: AC-03_____ACCESS ENFORCEMENT
 
 [OWTF-CM-003]
 OWASP_V3: OWASP-CM-003_____Infrastructure Configuration Management Testing
 OWASP_V4: OTG-CONFIG-003_____Test File Extensions Handling for Sensitive Information
-NIST: CM-6_____To Be Filled By Anirudh
+NIST: CM-6_____CONFIGURATION SETTINGS
 
 [OWTF-CM-004]
 OWASP_V3: OWASP-CM-004_____Application Configuration Management Testing
 OWASP_V4: OTG-CONFIG-004_____Backup and Unreferenced Files for Sensitive Information
-NIST: CM-6_____To Be Filled By Anirudh
+NIST: CM-6_____CONFIGURATION SETTINGS
 
 [OWTF-CM-005]
-OWASP_V3: OWASP-CM-005_____Testing for File ENot Applicabletensions Handling
+OWASP_V3: OWASP-CM-005_____Testing for File Extensions Handling
 OWASP_V4: OTG-CONFIG-005_____Enumerate Infrastructure and Application Admin Interfaces
-NIST: CM-10_____To Be Filled By Anirudh
+NIST: CM-10_____SOFTWARE USAGE RESTRICTIONS
 
 [OWTF-CM-006]
 OWASP_V3: OWASP-CM-006_____Old backup and unreferenced files
 OWASP_V4: OTG-CONFIG-006_____Test HTTP Methods
-NIST: AC-03_____To Be Filled By Anirudh
+NIST: AC-03_____ACCESS ENFORCEMENT
 
 [OWTF-CM-007]
 OWASP_V3: OWASP-CM-007_____Infrastructure and Application Admin Interfaces
 OWASP_V4: OTG-CONFIG-007_____Testing for Database credentials/connection strings
-NIST: AC-06_____To Be Filled By Anirudh
+NIST: AC-06_____LEAST PRIVILEGE
 
 [OWTF-CM-008]
 OWASP_V3: OWASP-CM-008_____Testing for HTTP Methods and XST
 OWASP_V4: OTG-CONFIG-008_____Testing for Content Security Policy
-NIST: CM-10_____To Be Filled By Anirudh
+NIST: CM-10_____SOFTWARE USAGE RESTRICTIONS
 
 [OWTF-AT-001]
 OWASP_V3: OWASP-AT-001_____Credentials transport over an encrypted channel
 OWASP_V4: OTG-AUTHN-001_____Testing for Credentials Transported over an Encrypted Channel
-NIST: SC-13_____To Be Filled By Anirudh
+NIST: SC-13_____CRYPTOGRAPHIC PROTECTION
 
 [OWTF-AT-002]
 OWASP_V3: OWASP-AT-002_____Testing for user enumeration
 OWASP_V4: OTG-IDENT-004_____Testing for Account Enumeration and Guessable User Account
-NIST: IA-6_____To Be Filled By Anirudh
+NIST: IA-6_____AUTHENTICATOR FEEDBACK
 
 [OWTF-AT-003]
 OWASP_V3: OWASP-AT-003_____Testing for Guessable (Dictionary) User Account
 OWASP_V4: OTG-AUTHN-002_____Testing for default credentials
-NIST: IA-6_____To Be Filled By Anirudh
+NIST: IA-6_____AUTHENTICATOR FEEDBACK
 
 [OWTF-AT-004]
 OWASP_V3: OWASP-AT-004_____Brute Force Testing
 OWASP_V4: OTG-AUTHN-003_____Testing for Weak lock out mechanism
-NIST: IA-6_____To Be Filled By Anirudh
+NIST: IA-6_____AUTHENTICATOR FEEDBACK
 
 [OWTF-AT-005]
 OWASP_V3: OWASP-AT-005_____Testing for bypassing authentication schema
 OWASP_V4: OTG-AUTHN-004_____Testing for bypassing authentication schema
-NIST: AC-10_____To Be Filled By Anirudh
+NIST: AC-10_____CONCURRENT SESSION CONTROL
 
 [OWTF-AT-006]
 OWASP_V3: OWASP-AT-006_____Testing for vulnerable remember password and pwd reset
 OWASP_V4: OTG-AUTHN-005_____Test remember password functionality
-NIST: IA-6_____To Be Filled By Anirudh
+NIST: IA-6_____AUTHENTICATOR FEEDBACK
 
 [OWTF-AT-007]
 OWASP_V3: OWASP-AT-007_____Testing for Logout and Browser Cache Management
 OWASP_V4: OTG-AUTHN-006_____Testing for Browser cache weakness
-NIST: AC-12_____To Be Filled By Anirudh
+NIST: AC-12_____SESSION TERMINATION
 
 [OWTF-AT-008]
 OWASP_V3: OWASP-AT-008_____Testing for CAPTCHA
 OWASP_V4: OTG-AUTHN-007_____Testing for Weak password policy
-NIST: IA-3_____To Be Filled By Anirudh
+NIST: IA-3_____DEVICE IDENTIFICATION AND AUTHENTICATION
 
 [OWTF-AT-009]
 OWASP_V3: OWASP-AT-009_____Testing Multiple Factors Authentication
 OWASP_V4: OTG-IDENT-005_____Testing for Weak or unenforced username policy
-NIST: IA-2_____To Be Filled By Anirudh
+NIST: IA-2_____IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)
 
 [OWTF-AT-010]
 OWASP_V3: OWASP-AT-010_____Testing for Race Conditions
 OWASP_V4: OTG-AUTHZ-009_____Testing for failure to restrict access to authenticated resource
-NIST: SI-16_____To Be Filled By Anirudh
+NIST: SI-16_____MEMORY PROTECTION
 
 [OWTF-SM-001]
 category: Authentication
 OWASP_V3: OWASP-SM-001_____Testing for Session Management Schema
 OWASP_V4: OTG-SESS-001_____Testing for Bypassing Session Management Schema
-NIST: SC-10_____To Be Filled By Anirudh
+NIST: SC-10_____NETWORK DISCONNECT
 
 [OWTF-SM-002]
 OWASP_V3: OWASP-SM-002_____Testing for Cookies attributes
 OWASP_V4: OTG-SESS-002_____Testing for Cookies attributes
-NIST: SC-23_____To Be Filled By Anirudh
+NIST: SC-23_____SESSION AUTHENTICITY
 
 [OWTF-SM-003]
-OWASP_V3: OWASP-SM-003_____Testing for Session FiNot Applicableation
-OWASP_V4: OTG-SESS-003_____Testing for Session FiNot Applicableation
-NIST: SC-23_____To Be Filled By Anirudh
+OWASP_V3: OWASP-SM-003_____Testing for Session Fixation
+OWASP_V4: OTG-SESS-003_____Testing for Session Fixation
+NIST: SC-23_____SESSION AUTHENTICITY
 
 [OWTF-SM-004]
-OWASP_V3: OWASP-SM-004_____Testing for ENot Applicableposed Session Variables
-OWASP_V4: OTG-SESS-004_____Testing for ENot Applicableposed Session Variables
-NIST: AC-03_____To Be Filled By Anirudh
+OWASP_V3: OWASP-SM-004_____Testing for Exposed Session Variables
+OWASP_V4: OTG-SESS-004_____Testing for Exposed Session Variables
+NIST: AC-03_____ACCESS ENFORCEMENT
 
 [OWTF-SM-005]
 category: CSRF
 OWASP_V3: OWASP-SM-005_____Testing for CSRF
 OWASP_V4: OTG-SESS-005_____Testing for Cross Site Request Forgery
-NIST: SC-23_____To Be Filled By Anirudh
+NIST: SC-23_____SESSION AUTHENTICITY
 
 [OWTF-AZ-001]
 OWASP_V3: OWASP-AZ-001_____Testing Directory traversal/file include
 OWASP_V4: OTG-AUTHZ-002_____Testing Directory traversal/file include
-NIST: AC-6_____To Be Filled By Anirudh
+NIST: AC-6_____LEAST PRIVILEGE
 
 [OWTF-AZ-002]
 OWASP_V3: OWASP-AZ-002_____Testing for bypassing authorization schema
 OWASP_V4: OTG-AUTHZ-003_____Testing for bypassing authorization schema
-NIST: AC-6_____To Be Filled By Anirudh
+NIST: AC-6_____LEAST PRIVILEGE
 
 [OWTF-AZ-003]
 OWASP_V3: OWASP-AZ-003_____Testing for Privilege Escalation
 OWASP_V4: OTG-AUTHZ-004_____Testing for Privilege Escalation
-NIST: AU-9_____To Be Filled By Anirudh
+NIST: AU-9_____PROTECTION OF AUDIT INFORMATION
 
 [OWTF-DV-001]
 category: XSS
 OWASP_V3: OWASP-DV-001_____Testing for Reflected Cross Site Scripting
 OWASP_V4: OTG-INPVAL-001_____Testing for Reflected Cross Site Scripting
-NIST: SI-10_____To Be Filled By Anirudh
+NIST: SI-10_____INFORMATION INPUT VALIDATION
 
 [OWTF-DV-002]
 category: XSS
 OWASP_V3: OWASP-DV-002_____Testing for Stored Cross Site Scripting
 OWASP_V4: OTG-INPVAL-002_____Testing for Stored Cross Site Scripting
-NIST: SI-10_____To Be Filled By Anirudh
+NIST: SI-10_____INFORMATION INPUT VALIDATION
 
 [OWTF-DV-003]
 category: XSS
 OWASP_V3: OWASP-DV-003_____Testing for DOM based Cross Site Scripting
 OWASP_V4: OTG-INPVAL-003_____Testing for HTTP Verb Tampering
-NIST: SI-10_____To Be Filled By Anirudh
+NIST: SI-10_____INFORMATION INPUT VALIDATION
 
 [OWTF-DV-004]
 OWASP_V3: OWASP-DV-004_____Testing for Cross Site Flashing
 OWASP_V4: OTG-INPVAL-004_____Testing for HTTP Parameter pollution
-NIST: SI-10_____To Be Filled By Anirudh
+NIST: SI-10_____INFORMATION INPUT VALIDATION
 
 [OWTF-DV-005]
 category: SQL
 OWASP_V3: OWASP-DV-005_____SQL Injection
 OWASP_V4: OTG-INPVAL-006_____Testing for SQL Injection
-NIST: SI-10_____To Be Filled By Anirudh
+NIST: SI-10_____INFORMATION INPUT VALIDATION
 
 [OWTF-DV-006]
 OWASP_V3: OWASP-DV-006_____LDAP Injection
 OWASP_V4: OTG-INPVAL-007_____Testing for LDAP Injection
-NIST: SI-10_____To Be Filled By Anirudh
+NIST: SI-10_____INFORMATION INPUT VALIDATION
 
 [OWTF-DV-007]
 OWASP_V3: OWASP-DV-007_____ORM Injection
 OWASP_V4: OTG-INPVAL-008_____Testing for ORM Injection
-NIST: SI-10_____To Be Filled By Anirudh
+NIST: SI-10_____INFORMATION INPUT VALIDATION
 
 [OWTF-DV-008]
 OWASP_V3: OWASP-DV-008_____XML Injection
 OWASP_V4: OTG-INPVAL-009_____Testing for XML Injection
-NIST: SI-10_____To Be Filled By Anirudh
+NIST: SI-10_____INFORMATION INPUT VALIDATION
 
 [OWTF-DV-009]
 OWASP_V3: OWASP-DV-009_____SSI Injection
 OWASP_V4: OTG-INPVAL-010_____Testing for SSI Injection
-NIST: SI-10_____To Be Filled By Anirudh
+NIST: SI-10_____INFORMATION INPUT VALIDATION
 
 [OWTF-DV-010]
 OWASP_V3: OWASP-DV-010_____XPath Injection
 OWASP_V4: OTG-INPVAL-011_____Testing for XPath Injection
-NIST: SI-10_____To Be Filled By Anirudh
+NIST: SI-10_____INFORMATION INPUT VALIDATION
 
 [OWTF-DV-011]
 OWASP_V3: OWASP-DV-011_____IMAP/SMTP Injection
 OWASP_V4: OTG-INPVAL-012_____IMAP/SMTP Injection
-NIST: SI-10_____To Be Filled By Anirudh
+NIST: SI-10_____INFORMATION INPUT VALIDATION
 
 [OWTF-DV-012]
 OWASP_V3: OWASP-DV-012_____Code Injection
 OWASP_V4: OTG-INPVAL-013_____Testing for Code Injection
-NIST: SI-10_____To Be Filled By Anirudh
+NIST: SI-10_____INFORMATION INPUT VALIDATION
 
 [OWTF-DV-013]
 OWASP_V3: OWASP-DV-013_____OS Commanding
@@ -243,58 +243,58 @@ OWASP_V4: OTG-INPVAL-014_____Testing for Command Injection
 [OWTF-DV-014]
 OWASP_V3: OWASP-DV-014_____Buffer overflow
 OWASP_V4: OTG-INPVAL-015_____Testing for Buffer overflow
-NIST: SI-16_____To Be Filled By Anirudh
+NIST: SI-16_____MEMORY PROTECTION
 
 [OWTF-DV-015]
 OWASP_V3: OWASP-DV-015_____Incubated vulnerability
 OWASP_V4: OTG-INPVAL-016_____Testing for incubated vulnerabilities
-NIST: CM-10_____To Be Filled By Anirudh
+NIST: CM-10_____SOFTWARE USAGE RESTRICTIONS
 
 [OWTF-DV-016]
 OWASP_V3: OWASP-DV-016_____Testing for HTTP Splitting/Smuggling
 OWASP_V4: OTG-INPVAL-017_____Testing for HTTP Splitting/Smuggling
-NIST: SI-10_____To Be Filled By Anirudh
+NIST: SI-10_____INFORMATION INPUT VALIDATION
 
 [OWTF-DS-001]
 category: SQL
 OWASP_V3: OWASP-DS-001_____Testing for SQL Wildcard Attacks
-NIST: SC-05_____To Be Filled By Anirudh
+NIST: SC-05_____DENIAL OF SERVICE PROTECTION
 
 [OWTF-DS-002]
 OWASP_V3: OWASP-DS-002_____Locking Customer Accounts
-NIST: SC-05_____To Be Filled By Anirudh
+NIST: SC-05_____DENIAL OF SERVICE PROTECTION
 
 [OWTF-DS-003]
 OWASP_V3: OWASP-DS-003_____Testing for DoS Buffer Overflows
-NIST: SC-05_____To Be Filled By Anirudh
+NIST: SC-05_____DENIAL OF SERVICE PROTECTION
 
 [OWTF-DS-004]
 OWASP_V3: OWASP-DS-004_____User Specified Object Allocation
-NIST: SC-05_____To Be Filled By Anirudh
+NIST: SC-05_____DENIAL OF SERVICE PROTECTION
 
 [OWTF-DS-005]
 OWASP_V3: OWASP-DS-005_____User Input as a Loop Counter
-NIST: SC-05_____To Be Filled By Anirudh
+NIST: SC-05_____DENIAL OF SERVICE PROTECTION
 
 [OWTF-DS-006]
 OWASP_V3: OWASP-DS-006_____Writing User Provided Data to Disk
-NIST: SC-05_____To Be Filled By Anirudh
+NIST: SC-05_____DENIAL OF SERVICE PROTECTION
 
 [OWTF-DS-007]
 OWASP_V3: OWASP-DS-007_____Failure to Release Resources
-NIST: SC-05_____To Be Filled By Anirudh
+NIST: SC-05_____DENIAL OF SERVICE PROTECTION
 
 [OWTF-DS-008]
 OWASP_V3: OWASP-DS-008_____Storing too Much Data in Session
-NIST: SC-05_____To Be Filled By Anirudh
+NIST: SC-05_____DENIAL OF SERVICE PROTECTION
 
 [OWTF-WS-001]
 OWASP_V3: OWASP-WS-001_____WS Information Gathering
-NIST: SAU-13_____To Be Filled By Anirudh
+NIST: AU-13_____MONITORING FOR INFORMATION DISCLOSURE
 
 [OWTF-WS-002]
 OWASP_V3: OWASP-WS-002_____Testing WSDL
-NIST: AU-13_____To Be Filled By Anirudh
+NIST: AU-13_____MONITORING FOR INFORMATION DISCLOSURE
 
 [OWTF-WS-003]
 OWASP_V3: OWASP-WS-003_____XML Structural Testing
@@ -304,20 +304,20 @@ OWASP_V3: OWASP-WS-004_____XML content-level Testing
 
 [OWTF-WS-005]
 OWASP_V3: OWASP-WS-005_____HTTP GET parameters/REST Testing
-NIST: SI-10_____To Be Filled By Anirudh
+NIST: SI-10_____INFORMATION INPUT VALIDATION
 
 [OWTF-WS-006]
 OWASP_V3: OWASP-WS-006_____Naughty SOAP attachments
-NIST: CM-10_____To Be Filled By Anirudh
+NIST: CM-10_____SOFTWARE USAGE RESTRICTIONS
 
 [OWTF-WS-007]
 OWASP_V3: OWASP-WS-007_____Replay Testing
-NIST: IA-2_____To Be Filled By Anirudh
+NIST: IA-2_____IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)
 
 [OWTF-AJ-001]
 OWASP_V3: OWASP-AJ-001_____AJAX Vulnerabilities
-NIST: AC-03_____To Be Filled By Anirudh
+NIST: AC-03_____ACCESS ENFORCEMENT
 
 [OWTF-AJ-002]
 OWASP_V3: OWASP-AJ-002_____AJAX Testing
-NIST: AC-03_____To Be Filled By Anirudh
+NIST: AC-03_____ACCESS ENFORCEMENT