Difference between revisions of "Projects/OWASP Framework Matrix"

From OWASP
Jump to: navigation, search
Line 9: Line 9:
 
| align="center" style="background:#f0f0f0;"|'''Under Development?'''
 
| align="center" style="background:#f0f0f0;"|'''Under Development?'''
 
| align="center" style="background:#f0f0f0;"|'''Contact Point'''
 
| align="center" style="background:#f0f0f0;"|'''Contact Point'''
 +
|-
 +
| || Automatic escaping in templates || || ||  ||  ||
 +
|-
 +
| || Prepared statements (including ORM) || || ||  ||  ||
 
|-
 
|-
 
| Django||x-frame-options||Present||No||[https://docs.djangoproject.com/en/dev/ref/clickjacking/#setting-x-frame-options-for-all-responses link]||n/a||n/a
 
| Django||x-frame-options||Present||No||[https://docs.djangoproject.com/en/dev/ref/clickjacking/#setting-x-frame-options-for-all-responses link]||n/a||n/a
Line 17: Line 21:
 
|-
 
|-
 
| Rails||Automatic CSRF protection||Present||Yes||[http://guides.rubyonrails.org/security.html#cross-site-request-forgery-csrf link]||n/a||n/a
 
| Rails||Automatic CSRF protection||Present||Yes||[http://guides.rubyonrails.org/security.html#cross-site-request-forgery-csrf link]||n/a||n/a
 +
|-
 +
| || Offsite redirect detection/prevention || || ||  ||  ||
 +
|-
 +
| || javascript: URIs in links || || ||  ||  ||
 +
|-
 +
| || Error suppression in production environments || || ||  ||  ||
 +
|-
 +
| || Mask sensitive data in logs || || ||  ||  ||
 +
|-
 +
| || Encryption abstractions || || ||  ||  ||
 +
|-
 +
| || Prepared statement support || || ||  ||  ||
 +
|-
 +
| || Strict transport security || || ||  ||  ||
 +
|-
 +
| || Content security policy || || ||  ||  ||
 
|}
 
|}

Revision as of 12:08, 15 September 2013

Note: This page is a template part of the OWASP Framework Security Project. Edit this page here

Framework Security Control Present / Not Present Enabled By Default Link to more info Under Development? Contact Point
Automatic escaping in templates
Prepared statements (including ORM)
Django x-frame-options Present No link n/a n/a
Django SECURE Cookie Flag Present No link n/a n/a
Django HTTPOnly Cookie Flag ? ? [# link] ? ?
Rails Automatic CSRF protection Present Yes link n/a n/a
Offsite redirect detection/prevention
javascript: URIs in links
Error suppression in production environments
Mask sensitive data in logs
Encryption abstractions
Prepared statement support
Strict transport security
Content security policy