Difference between revisions of "Category:OWASP Top Ten Controls Project"

From OWASP
(OWASP Top Ten Proactive Controls)
m (OWASP Top Ten Proactive Controls)
Line 12: Line 12:
 
# Data Protection
 
# Data Protection
 
## Hashed, Salted and Stretched Password Storage per https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
 
## Hashed, Salted and Stretched Password Storage per https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
## Cryptographic Storage of sensitive user data like PII information
+
## Cryptographic Storage of sensitive user data like PII information https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet
 
## Use of TLS in transit
 
## Use of TLS in transit
 
# Output Encoding per https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
 
# Output Encoding per https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
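Review bot: the new `## Cryptographic Storage of sensitive user data like PII information https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet` line drops the `per` that its sibling `## Hashed, Salted and Stretched Password Storage per https://...` uses, so the URL runs straight into the item text; insert `per` before the URL for consistency. The `## Use of TLS in transit` item in the same list still carries no reference at all, unlike the other two Data Protection sub-items, so an OWASP reference link there would bring the list into line.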
Line 21: Line 21:
 
# Access Control Design
 
# Access Control Design
 
# Virtual Patching
 
# Virtual Patching
 +
# Secure Requirements and Design
  
 
Others to consider
 
Others to consider
  
 +
# Accountability
 +
## Logging
 +
##Error handling and structured exceptions
 +
##Security incident event management
 
# Re-authentication (authenticating individual transactions)
 
# Re-authentication (authenticating individual transactions)
 
# CSRF Tokens
 
# CSRF Tokens
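Review bot: the two new sub-items `##Error handling and structured exceptions` and `##Security incident event management` omit the space after `##` that the adjacent `## Logging` and every other sub-item on the page use; make the wiki list markup consistent. The added `# Secure Requirements and Design` and `# Accountability` entries are also the only ones in their lists without a supporting reference, while most main-list items point to an OWASP cheat sheet; a reference for each would match the page's convention.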

Revision as of 21:48, 16 January 2013

Introduction

This is a placeholder page for the upcoming OWASP Top Ten Controls 2013 document.

Like the OWASP Top Ten Risks document, this project aims to raise developers' awareness of the controls they need to apply in secure web application development.

OWASP Top Ten Proactive Controls

These controls may include:

  1. Query Parameterization per https://www.owasp.org/index.php/Query_Parameterization_Cheat_Sheet
  2. Data Protection
    1. Hashed, Salted and Stretched Password Storage per https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
    2. Cryptographic Storage of sensitive user data such as PII per https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet
    3. Use of TLS in transit
  3. Output Encoding per https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
  4. Forgot Password Workflow per https://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet
  5. Content Security Policy
  6. Secure JSON Parsing
  7. Input Validation per https://www.owasp.org/index.php/Input_Validation_Cheat_Sheet
  8. Access Control Design
  9. Virtual Patching
  10. Secure Requirements and Design

Others to consider

  1. Accountability
    1. Logging
    2. Error handling and structured exceptions
    3. Security incident event management
  2. Re-authentication (authenticating individual transactions)
  3. CSRF Tokens
  4. Framebusting
  5. Defenses against remote file inclusion per http://en.wikipedia.org/wiki/Remote_file_inclusion

Glossary of Terms

TODO
