Category:OWASP Top Ten Controls Project
This is a placeholder page for the upcoming OWASP Top Ten Controls 2013 document.
This project, like the OWASP Top Ten Risks document, is meant to raise developers' awareness of the controls they need to apply when building secure web applications.
OWASP Top Ten Proactive Controls
These controls may include:
- Query Parameterization per https://www.owasp.org/index.php/Query_Parameterization_Cheat_Sheet
- Data Protection
- Hashed, Salted and Stretched Password Storage per https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
- Cryptographic Storage of sensitive user data such as PII
- Use of TLS in transit
- Output Encoding per https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
- Forgot Password Workflow per https://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet
- Content Security Policy
- Secure JSON Parsing
- Input Validation per https://www.owasp.org/index.php/Input_Validation_Cheat_Sheet
- Access Control Design
- Virtual Patching
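As an added example (not part of this OWASP page or of the Proactive Controls document itself), the following Python script shows two of the controls listed above working together: query parameterization for the user lookup, and hashed, salted and stretched password storage using PBKDF2-HMAC-SHA256. The `users` table, the function names, the iteration count, the in-memory SQLite database and the injection payload are all assumptions constructed for the demonstration; a deliberately vulnerable string-concatenated lookup is included only so the difference is visible.

```python
import hashlib
import hmac
import os
import sqlite3
from typing import Optional

# Added illustration for the controls listed above; not code from the OWASP
# project. Schema, function names and the iteration count are assumptions.

HASH_ALGO = "sha256"
PBKDF2_ITERATIONS = 100_000   # the "stretching" factor; raise it as hardware allows
SALT_BYTES = 16               # per-user random salt


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>.

    Storing the parameters beside the hash lets you raise the iteration count
    later without breaking existing records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac(HASH_ALGO, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{HASH_ALGO}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt/iterations and compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != f"pbkdf2_{HASH_ALGO}":
        return False
    dk = hashlib.pbkdf2_hmac(HASH_ALGO, password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(hash_hex))


# Verified for unknown usernames so a login attempt costs the same time
# whether or not the account exists (limits username enumeration by timing).
DUMMY_HASH = hash_password("placeholder-password-not-used")


def new_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    return conn


def register(conn: sqlite3.Connection, username: str, password: str) -> None:
    # Parameterized INSERT: the values travel separately from the SQL text.
    conn.execute("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                 (username, hash_password(password)))
    conn.commit()


def lookup_unsafe(conn: sqlite3.Connection, username: str) -> Optional[str]:
    """Deliberately vulnerable (string formatting) so the difference is visible."""
    row = conn.execute(
        f"SELECT username FROM users WHERE username = '{username}'").fetchone()
    return row[0] if row else None


def lookup_safe(conn: sqlite3.Connection, username: str) -> Optional[str]:
    """Parameterized query: the same payload is treated as a plain string value."""
    row = conn.execute("SELECT username FROM users WHERE username = ?",
                       (username,)).fetchone()
    return row[0] if row else None


def login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    row = conn.execute("SELECT password_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        verify_password(password, DUMMY_HASH)   # keep timing uniform, then fail
        return False
    return verify_password(password, row[0])


if __name__ == "__main__":
    db = new_db()
    register(db, "alice", "correct horse battery staple")
    payload = "x' OR '1'='1"                     # constructed injection payload
    print("unsafe lookup:", lookup_unsafe(db, payload))
    print("safe lookup:  ", lookup_safe(db, payload))
    print("login ok:     ", login(db, "alice", "correct horse battery staple"))
    print("login bad:    ", login(db, "alice", "wrong"))
```

Run as a script, the unsafe lookup returns `alice` for the injected payload while the parameterized lookup returns nothing; the stored record carries its own salt and iteration count, so the cost factor can be raised later per user without a migration.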
Others to consider
- Re-authentication (authenticating individual transactions)
- CSRF Tokens
- Defense against Remote File Inclusion (http://en.wikipedia.org/wiki/Remote_file_inclusion)
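As an added example of the "CSRF Tokens" item above (not code from this OWASP page or project), the following Python module implements the synchronizer token pattern: one unguessable token per session, stored server-side, embedded as a hidden field in every state-changing form, and checked with a constant-time comparison before the request is acted on. The session and form dictionaries, the `/transfer` handler and all names are assumptions standing in for whatever framework objects a real application uses.

```python
import hmac
import secrets
from typing import Dict, Optional

# Added illustration of the "CSRF Tokens" control; not OWASP project code.
# The session dict, form dict and handler names are assumptions.

CSRF_SESSION_KEY = "_csrf_token"
CSRF_FORM_FIELD = "csrf_token"


def issue_csrf_token(session: Dict[str, str]) -> str:
    """Synchronizer token pattern: one unguessable token per session,
    kept server-side and embedded in every state-changing form."""
    token = session.get(CSRF_SESSION_KEY)
    if token is None:
        token = secrets.token_urlsafe(32)     # 256 bits from the OS CSPRNG
        session[CSRF_SESSION_KEY] = token
    return token


def rotate_csrf_token(session: Dict[str, str]) -> str:
    """Call on login / privilege change so a token captured earlier is useless."""
    session.pop(CSRF_SESSION_KEY, None)
    return issue_csrf_token(session)


def csrf_token_valid(session: Dict[str, str], submitted: Optional[str]) -> bool:
    expected = session.get(CSRF_SESSION_KEY)
    if not expected or not submitted:
        return False
    # Constant-time comparison; encode so non-ASCII input cannot raise TypeError.
    return hmac.compare_digest(expected.encode("utf-8"), submitted.encode("utf-8"))


def render_transfer_form(session: Dict[str, str]) -> str:
    """The token goes into a hidden field; a cross-site page cannot read it."""
    token = issue_csrf_token(session)
    return ('<form method="POST" action="/transfer">'
            f'<input type="hidden" name="{CSRF_FORM_FIELD}" value="{token}">'
            '<input name="to"><input name="amount"><button>Send</button></form>')


def handle_transfer(session: Dict[str, str], form: Dict[str, str]) -> int:
    """Return an HTTP status: 403 unless the form carries this session's token."""
    if not csrf_token_valid(session, form.get(CSRF_FORM_FIELD)):
        return 403
    # ... perform the transfer for the authenticated user here ...
    return 200


if __name__ == "__main__":
    victim = {"user": "alice"}
    render_transfer_form(victim)
    legit = {"to": "bob", "amount": "10", CSRF_FORM_FIELD: victim[CSRF_SESSION_KEY]}
    forged = {"to": "mallory", "amount": "1000"}   # cross-site form has no token
    print(handle_transfer(victim, legit), handle_transfer(victim, forged))
```

The forged request fails because the attacker's page can make the victim's browser send cookies but cannot read the token out of the victim's form; a token from the attacker's own session fails too, since validation is against the session that receives the request. Rotating the token on login keeps a value leaked before authentication from being replayed afterwards.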
Glossary of Terms