@scope_tomcat
Feature: 0097 - Basic web security measures and recommendations
Description: In order to be secure
As an authorized user
I want to avoid session and other attacks
File name: srv_security.feature
Relative path: secondary/srv_security.feature
When I retrieve a "css" static resource                                    # 00:00:00.022
Then the response header "ETag" should not be present                       # 00:00:00.000
And the response header "Pragma" should not be present                      # 00:00:00.000
And the response header "Expires" should not be "0"                         # 00:00:00.000
And the response header "Set-Cookie" should not be present                  # 00:00:00.000
And the response header "X-Frame-Options" should contain "SAMEORIGIN"       # 00:00:00.000
And the response header "X-XSS-Protection" should be "1; mode=block"        # 00:00:00.000
And the response header "X-Content-Type-Options" should be "nosniff"        # 00:00:00.000
And the response header "X-Permitted-Cross-Domain-Policies" should be "master-only"  # 00:00:00.000
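The steps above express a header policy for static resources: no cache-busting or session headers on a stylesheet, plus the usual browser hardening headers. The following is an added example, not the feature file's own step definitions, that encodes the same checks as one function over a response's header map, so the policy can be applied outside the Cucumber run (for instance in a CI smoke test). Header names are compared case-insensitively, as HTTP requires; the two sample header maps are constructed for illustration and the cookie value in them is a placeholder.

```python
# Added example: validate HTTP response headers against the expectations in the
# srv_security.feature steps. Not part of the feature file or its project.

from typing import Dict, List

# Headers a cacheable static resource should not carry (ETag/Pragma would defeat
# or complicate caching; Set-Cookie would hand out a session for a stylesheet).
FORBIDDEN_HEADERS = ("ETag", "Pragma", "Set-Cookie")

# Hardening headers whose value must match exactly.
EXACT_VALUES = {
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
    "X-Permitted-Cross-Domain-Policies": "master-only",
}


def _normalize(headers: Dict[str, str]) -> Dict[str, str]:
    """HTTP header names are case-insensitive; compare on a lower-cased copy."""
    return {name.lower(): value.strip() for name, value in headers.items()}


def check_static_resource_headers(headers: Dict[str, str]) -> List[str]:
    """Return one finding per violated step; an empty list means the policy holds."""
    h = _normalize(headers)
    findings: List[str] = []

    for name in FORBIDDEN_HEADERS:
        if name.lower() in h:
            findings.append(f'{name} should not be present')

    # "Expires: 0" marks the resource as already stale, which static content should not be.
    if h.get("expires") == "0":
        findings.append('Expires should not be "0"')

    # The step says "contain", so "SAMEORIGIN" is accepted in any letter case.
    xfo = h.get("x-frame-options")
    if xfo is None or "sameorigin" not in xfo.lower():
        findings.append('X-Frame-Options should contain "SAMEORIGIN"')

    for name, expected in EXACT_VALUES.items():
        actual = h.get(name.lower())
        if actual != expected:
            findings.append(f'{name} should be "{expected}" (got {actual!r})')

    return findings


# Constructed sample: a response that satisfies every step.
GOOD_HEADERS = {
    "Content-Type": "text/css",
    "Cache-Control": "max-age=3600",
    "X-Frame-Options": "SAMEORIGIN",
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
    "X-Permitted-Cross-Domain-Policies": "master-only",
}

# Constructed sample: a response that violates most of them (cookie value is a placeholder).
BAD_HEADERS = {
    "Content-Type": "text/css",
    "ETag": '"constructed-etag"',
    "Pragma": "no-cache",
    "Expires": "0",
    "set-cookie": "JSESSIONID=PLACEHOLDER; Path=/",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    for label, sample in (("good", GOOD_HEADERS), ("bad", BAD_HEADERS)):
        print(f"{label}: {check_static_resource_headers(sample) or 'policy holds'}")
```

The function reports every violation rather than stopping at the first one, which mirrors how the feature lists each header as its own step and makes the output directly comparable to the report above.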