Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6157 | APP3080 | SV-6157r1_rule | DCSQ-1 | Medium |
Description |
---|
Resource information in code can easily advertise available vulnerabilities to unauthorized users. By placing the references into configuration files, the files can be further protected by file permissions and will be separated for ease of updating. |
STIG | Date |
---|---|
Application Security and Development STIG | 2014-04-03 |
Check Text ( C-14177r1_chk ) |
---|
Search the source code for common URL prefixes and suffixes and to the extent feasible with available tools, NFS shares, NetBIOS shares and IP addresses. All such resources should be captured from configuration files (i.e., “http://”, ftp://, “.mil”, “.com”). 1) If any references are invalid, it is a finding. |
Fix Text (F-16990r1_fix) |
---|
Remove any invalid URL or path references from the application. |