OWASP Proactive Controls
- Password Storage
- Forgot Password Workflow
- Multi-Factor AuthN

- Permission based access control
- Limits of RBAC

- Whitelist Validation (struggles with internationalization)
- URL validation (as part of redirect features)
- HTML Validation (as part of untrusted content from features like TinyMCE)

- Output encoding for XSS
- Query Parameterization
- Other encodings for LDAP, XML construction and OS Command injection resistance

- At rest and in transit
- Secure number generation
- Certificate pinning
- Proper use of AES (CBC/IV Management)

- Core requirements for any project (technical)
- Business logic requirements (project specific)
Secure Architecture and Design
- When to use request, session or database for data flow