This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Projects/OWASP Framework Matrix

Revision as of 11:08, 15 September 2013 by Nmatatal (talk | contribs)

Jump to: navigation, search

Note: This page is a template part of the OWASP Framework Security Project. Edit this page here

Framework Security Control Present / Not Present Enabled By Default Link to more info Under Development? Contact Point
Automatic escaping in templates
Prepared statements (including ORM)
Django x-frame-options Present No link n/a n/a
Django SECURE Cookie Flag Present No link n/a n/a
Django HTTPOnly Cookie Flag ? ? [# link] ? ?
Rails Automatic CSRF protection Present Yes link n/a n/a
Offsite redirect detection/prevention
javascript: URIs in links
Error suppression in production environments
Mask sensitive data in logs
Encryption abstractions
Prepared statement support
Strict transport security
Content security policy