Difference between revisions of "OWASP Proactive Controls"

Line 3: Line 3:
  
 
= Top Ten Proactive Controls =
 
= Top Ten Proactive Controls =
 +
 +
== Authentication ==
 +
 +
== Access Control ==
 +
 +
== Validation ==
 +
 +
== Encoding ==
 +
 +
Mostly output encoding to stop injection
 +
 +
== Query Parameterization ==
 +
 +
Special case due to how bad SQLi is
 +
 +
== Data Protection ==
 +
 +
== Secure Requirements ==
 +
 +
== Secure Architecture ==
 +
 +
== Secure Design ==
 +
 +
Like forgot password workflow, and other workflows that fall outside of basic requirements and architecture
 +
 +
== Secure Configuration ==
 +
 +
At rest and in transit
  
 
__NOTOC__  
 
__NOTOC__  
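
Review bot: the added line "At rest and in transit" lands under "== Secure Configuration ==" at the end of this hunk, while "== Data Protection ==" is added with no text at all. The phrase describes where data is protected rather than how a system is configured, so it reads as the note for Data Protection; consider moving it there and giving Secure Configuration its own one-line description. Authentication, Access Control, Validation, Secure Requirements and Secure Architecture are also added as bare headings, so a short scope line for each, in the style of "Mostly output encoding to stop injection", would make the outline reviewable.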

Revision as of 04:49, 10 March 2013


PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Proactive Controls (home page)
Purpose: A Top 10 like document, phrased in a positive, testable manner that describes the Top 10 controls architects and developers should absolutely, 100% include in every project.
License: Creative Commons Attribution ShareAlike 3.0 License
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases

Authentication

Access Control

Validation

Encoding

Mostly output encoding to stop injection

Query Parameterization

Special case due to how bad SQLi is

Data Protection

Secure Requirements

Secure Architecture

Secure Design

Like forgot password workflow, and other workflows that fall outside of basic requirements and architecture

Secure Configuration

At rest and in transit