Detections
Analytics

CSCv6|18.9

Title

For in-house developed applications, ensure that development artifacts are not included in the deployed software, or accessible in the production environment.

Description

For in-house developed applications, ensure that development artifacts (sample data and scripts; unused libraries, components, debug code; or tools) are not included in the deployed software, or accessible in the production environment.

Reference Item Details

Category: Application Software Security

Family: Application

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.1.2 Ensure 'extproc' Is Not Present in 'listener.ora'WindowsCIS Oracle Server 12c Windows v3.0.0
2.1.2 Ensure 'extproc' Is Not Present in 'listener.ora'UnixCIS Oracle Server 12c Linux v3.0.0
2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2012 Database L1 DB v1.6.0
2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2012 Database L1 AWS RDS v1.6.0
2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2014 Database L1 AWS RDS v1.5.0
2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2014 Database L1 DB v1.5.0
3.7 Ensure the Core Dump Directory Is SecuredUnixCIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware
3.7 Ensure the Core Dump Directory Is SecuredUnixCIS Apache HTTP Server 2.2 L2 v3.6.0
3.7 Ensure the Core Dump Directory Is SecuredUnixCIS Apache HTTP Server 2.2 L1 v3.6.0
4.1 Ensure All Default Passwords Are ChangedOracleDBCIS Oracle Server 12c DB Unified Auditing v3.0.0
4.1 Ensure All Default Passwords Are ChangedOracleDBCIS Oracle Server 12c DB Traditional Auditing v3.0.0
4.2 Ensure All Sample Data And Users Have Been RemovedOracleDBCIS Oracle Server 18c DB Traditional Auditing v1.1.0
4.2 Ensure All Sample Data And Users Have Been RemovedOracleDBCIS Oracle Server 12c DB Traditional Auditing v3.0.0
4.2 Ensure All Sample Data And Users Have Been RemovedOracleDBCIS Oracle Server 18c DB Unified Auditing v1.1.0
4.2 Ensure All Sample Data And Users Have Been RemovedOracleDBCIS Oracle Server 12c DB Unified Auditing v3.0.0
5.4 Ensure Default HTML Content Is Removed - 'httpd-manual is not installed'UnixCIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware
5.4 Ensure Default HTML Content Is Removed - 'httpd-manual is not installed'UnixCIS Apache HTTP Server 2.2 L2 v3.6.0
5.4 Ensure Default HTML Content Is Removed - 'httpd-manual is not installed'UnixCIS Apache HTTP Server 2.2 L1 v3.6.0
5.4 Ensure Default HTML Content Is Removed - 'other handler does not exist'UnixCIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware
5.4 Ensure Default HTML Content Is Removed - 'other handler does not exist'UnixCIS Apache HTTP Server 2.2 L1 v3.6.0
5.4 Ensure Default HTML Content Is Removed - 'other handler does not exist'UnixCIS Apache HTTP Server 2.2 L2 v3.6.0
5.4 Ensure Default HTML Content Is Removed - 'Server Information handler does not exist'UnixCIS Apache HTTP Server 2.2 L2 v3.6.0
5.4 Ensure Default HTML Content Is Removed - 'Server Information handler does not exist'UnixCIS Apache HTTP Server 2.2 L1 v3.6.0
5.4 Ensure Default HTML Content Is Removed - 'Server Information handler does not exist'UnixCIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware
5.4 Ensure Default HTML Content Is Removed - 'Server Status handler does not exist'UnixCIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware
5.4 Ensure Default HTML Content Is Removed - 'Server Status handler does not exist'UnixCIS Apache HTTP Server 2.2 L1 v3.6.0
5.6 Ensure the Default CGI Content test-cgi Script Is RemovedUnixCIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware
5.6 Ensure the Default CGI Content test-cgi Script Is RemovedUnixCIS Apache HTTP Server 2.2 L2 v3.6.0
5.6 Ensure the Default CGI Content test-cgi Script Is RemovedUnixCIS Apache HTTP Server 2.2 L1 v3.6.0
6.4 Ensure that server-side scripting is disabled if not neededWindowsCIS MongoDB 3.2 L2 Windows Audit v1.0.0
6.4 Ensure that server-side scripting is disabled if not neededUnixCIS MongoDB 3.4 L2 Unix Audit v1.0.0
6.4 Ensure that server-side scripting is disabled if not neededUnixCIS MongoDB 3.2 L2 Unix Audit v1.0.0
6.4 Ensure that server-side scripting is disabled if not neededWindowsCIS MongoDB 3.4 L2 Windows Audit v1.0.0
6.5 Ensure The 'test' database is not installedMongoDBCIS MongoDB 3.2 Database Audit L2 v1.0.0
8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly'UnixCIS Apache HTTP Server 2.2 L2 v3.6.0
8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly'UnixCIS Apache HTTP Server 2.2 L1 v3.6.0
8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly'UnixCIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware
8.3 Ensure All Default Apache Content Is Removed - 'httpd.conf Alias /icons/ /var/www/icons/ does not exists'UnixCIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
8.3 Ensure All Default Apache Content Is Removed - 'httpd.conf Alias /icons/ /var/www/icons/ does not exists'UnixCIS Apache HTTP Server 2.2 L2 v3.6.0
8.3 Ensure All Default Apache Content Is Removed - 'httpd.conf Include conf/extra/httpd-autoindex.conf does not exists'UnixCIS Apache HTTP Server 2.2 L2 v3.6.0
8.3 Ensure All Default Apache Content Is Removed - 'httpd.conf Include conf/extra/httpd-autoindex.conf does not exists'UnixCIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
8.4 Ensure ETag Response Header Fields Do Not Include InodesUnixCIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
8.4 Ensure ETag Response Header Fields Do Not Include InodesUnixCIS Apache HTTP Server 2.2 L2 v3.6.0