OWASP Secure Coding Practices - Quick Reference Guide


Welcome to the Secure Coding Practices Quick Reference Guide Project
The Secure Coding Practices Quick Reference Guide is a technology-agnostic set of general software security coding practices, in a comprehensive checklist format, that can be integrated into the development lifecycle. At only 17 pages long, it is easy to read and digest.

The focus is on secure coding requirements, rather than on vulnerabilities and exploits. It includes an introduction to Software Security Principles and a glossary of key terms.

It is designed to serve as a secure coding kick-start tool and easy reference, to help development teams quickly understand secure coding practices.

Sections of the Guide:

 * Table of contents
 * Introduction
 * Software Security Principles Overview
 * Secure Coding Practices Checklist
 * Links to useful resources
 * Glossary of important terminology

Download the current v2 (Stable) release:
 * [[Media:OWASP_SCP_Quick_Reference_Guide_v2.pdf|English version PDF]]
 * [[Media:OWASP_SCP_Quick_Reference_Guide_v2.doc|English version MS Word]]

Translations:


 * [[Media:OWASP_SCP_v1.3_pt-BR.pdf|Brazilian Portuguese Translation PDF]]
 * [[Media:OWASP_SCP_v1.3_pt-PT.pdf|Portugal Portuguese Translation PDF]]
 * [[Media:2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf|Korean Translation PDF]]
 * [[Media:OWASP_SCP_Quick_Reference_Guide_SPA.doc|Spanish Translation doc]]
 * [[Media:OWASP_SCP_Quick_Reference_Guide_%28Chinese%29.pdf|Chinese Translation PDF]]

Related Presentations:
 * Web Application Development Dos and Donts - Presentation from the Royal Bank of Scotland. This slide deck incorporates many concepts from the Quick Reference Guide, but also utilizes other OWASP resources.

Project Feedback and Disposition History

XLS Feedback Spreadsheet

Feedback and Participation:
I hope you find the OWASP Secure Coding Practices Quick Reference Guide Project useful. Please contribute to the Project by sending your comments, questions, and suggestions to [mailto:Keith.Turpin@owasp.org keith.turpin@owasp.org].

Project mailing list and archives: subscription page.

Project Contributors:
If you contribute to this Project, please add your name here.

Project Lead, Contributors, and Translation Contributors (Portuguese, Korean, Spanish, and Chinese translations):
 * Keith Turpin
 * Dan Kranz
 * Walt Pietrowski
 * Catherine Spencer
 * [mailto:Caleb.mcgary@gmail.com Caleb McGary]
 * [mailto:bradcausey@owasp.org Brad Causey]
 * [mailto:ludovic.petit@owasp.org Ludovic Petit]
 * [mailto:michael.scovetta@gmail.com Michael V. Scovetta]
 * [mailto:jim.manico@owasp.org Jim Manico]
 * Jason Coleman
 * [mailto:anurag.agarwal@yahoo.com Anurag Agarwal]
 * [mailto:petand@lvk.cs.msu.su Andrew Petukhov]
 * [mailto:tarciziovn@gmail.com Tarcizio Vieira Neto]
 * [mailto:silviofilhosf@gmail.com Sílvio Correia Filho]
 * [mailto:leandrock@gmail.com Leandro Gomes]
 * OWASP Korea chapter
 * Canedo,Gerardo
 * Flores,Mauro
 * Hill,Alberto
 * Martinez,Mateo
 * Papaleo,Mauricio
 * Soarez,Nicolás
 * Targetta, Cecilia
 * [mailto:wangj@owasp.org.cn Jie Wang]
 * Yongliang He
 * Henghui Lin