Difference between revisions of "Category:OWASP Top Ten Controls Project"

From OWASP
Jump to: navigation, search
(List of Top Ten Controls)
m (List of Top Ten Controls)
Line 5: Line 5:
 
This project, similar to the OWASP Top Ten Risks document, is meant to directly bring awareness to controls that developers need to use in secure web application development.
 
This project, similar to the OWASP Top Ten Risks document, is meant to directly bring awareness to controls that developers need to use in secure web application development.
  
== List of Top Ten Controls ==  
+
== OWASP Top Ten Proactive Controls ==  
  
 
These controls may include:
 
These controls may include:

Revision as of 21:43, 16 January 2013

Introduction

This is a placeholder page for the upcoming OWASP Top Ten Controls 2013 document.

This project, similar to the OWASP Top Ten Risks document, is meant to directly bring awareness to controls that developers need to use in secure web application development.

OWASP Top Ten Proactive Controls

These controls may include:

  1. Query Parameterization per https://www.owasp.org/index.php/Query_Parameterization_Cheat_Sheet
  2. Hashed, Salted and Stretched Password Storage per https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
  3. Output Encoding per https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
  4. Forgot Password Workflow per https://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet
  5. Content Security Policy
  6. Secure JSON Parsing
  7. Input Validation per https://www.owasp.org/index.php/Input_Validation_Cheat_Sheet
  8. Transport Layer Security
  9. Access Control Design
  10. Virtual Patching

Others to consider

  1. Re-authentication (authenticating individual transactions)
  2. CSRF Tokens
  3. Framebusting
  4. Defense to prevent http://en.wikipedia.org/wiki/Remote_file_inclusion

Glossary of Terms

TODO

This category currently contains no pages or media.