Difference between revisions of "Projects/OWASP Secure Coding Practices - Quick Reference Guide/Releases/SCP v2"

From OWASP
Line 17: Line 17:
 
*The guide's "Sensitive Information Storage or Transmission" section was split to match ASVS and is now two new sections "Data Protection" and "Communication Security",   
 
*The guide's "Sensitive Information Storage or Transmission" section was split to match ASVS and is now two new sections "Data Protection" and "Communication Security",   
 
*Additional practices were added to most sections to account for requirements in ASVS that the guide did not specifically cover and some rewording of existing practices was also done.
 
*Additional practices were added to most sections to account for requirements in ASVS that the guide did not specifically cover and some rewording of existing practices was also done.
 +
*Additional terms were added to the glossary.
 +
*Several improvements were made thanks to new contributors.
  
 
| release_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']
 
| release_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']
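Review bot: the unchanged bullet about the "Sensitive Information Storage or Transmission" split still ends with a comma and trailing spaces, while the two added bullets end with periods. The comma made sense only while more of the same sentence followed, so end that bullet with a period to match. The added line "Several improvements were made thanks to new contributors" names neither the improvements nor the contributors; listing the contributors, or pointing to where they are credited, would make the release description verifiable.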

Revision as of 20:10, 9 November 2010


what is this release?
SCP v2 - 8 November 2010 - (download)
Release Description:
  • Sections of the guide were re-ordered and renamed, and new sections were added, to map more closely to the ASVS. However, input and output handling was left at the beginning, as opposed to being lower in the list as it is with ASVS, since this is the source of the most common vulnerabilities and ones that affect even very simple applications.
  • Entirely new sections include:
    • Cryptographic Practices,
    • Error Handling and Logging.
  • The guide's "Data Validation" section was split to match ASVS and is now represented as two separate sections, "Input Validation" and "Output Encoding".
  • The guide's "Authorization and Access Management" section was renamed to "Access Control".
  • The guide's "Sensitive Information Storage or Transmission" section was split to match ASVS and is now two new sections, "Data Protection" and "Communication Security".
  • Additional practices were added to most sections to account for requirements in ASVS that the guide did not specifically cover, and some rewording of existing practices was also done.
  • Additional terms were added to the glossary.
  • Several improvements were made thanks to new contributors.
Release License: Creative Commons Attribution Share Alike 3.0
who worked on this release?
Release Leader(s):
Release Contributor(s):
how can you learn more?
Release Notes: View
Main links:
Release Rating: Stable Release - Assessment Details
Key Contacts
  • Contact the GPC to report a problem or concern about this release info or to update information.