OWASP - User contributions [en]

User:Dominique RIGHETTO

2019-09-23T09:29:07Z

Dominique RIGHETTO:

[[File:DominiqueRighetto.jpg|200px|thumb|left|Dominique Righetto]]

Bio: http://www.linkedin.com/in/righettod

Ex-CoLeader of the [[OWASP Cheat Sheet Series|Cheat Sheet Series project]].

[mailto:dominique.righetto@owasp.org Contact Me].

[https://www.twitter.com/righettod Follow Me].

[https://www.owasp.org/index.php/Special:Contributions/Dominique_RIGHETTO WIKI contributions].

[http://www.righettod.eu My Homepage].

OWASP Cheat Sheet Series

2019-09-20T04:20:53Z

Dominique RIGHETTO: Remove me from PL role after resign

= Main =
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]</div>
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

== Our goal ==

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. These cheat sheets were created by various application security professionals who have expertise in specific topics. We hope that the OWASP Cheat Sheet Series provides you with excellent security guidance in an easy to read format.

If you have any questions about the OWASP Cheat Sheet Series, please email the project leaders [mailto:dominique.righetto@owasp.org Dominique Righetto] or [mailto:jim.manico@owasp.org Jim Manico], contact us on the project's Slack channel or on our [https://groups.google.com/a/owasp.org/forum/#!forum/cheat-sheets-project Google Group] ('''Slack is highly preferred over the Google Group''').

The archives of the old mailing list can be consulted [https://lists.owasp.org/pipermail/owasp-cheat-sheets/index here].

== Official website ==

The official website on which all the cheat sheets are hosted is https://cheatsheetseries.owasp.org .

== Migration to GitHub ==

Project has been fully migrated to [https://github.com/OWASP/CheatSheetSeries GitHub].

This page is used as the OWASP homepage of the project, all the project content is hosted on the [https://github.com/OWASP/CheatSheetSeries GitHub repository] and we work '''only from''' this repository, '''wiki is not used anymore'''.

The [https://github.com/OWASP/CheatSheetSeries GitHub] repository is used for the work on the cheat sheets and the released ones are deployed on the [https://cheatsheetseries.owasp.org official website].

So, from now, only a GitHub account is needed to contribute :)

== Bridge between the projects OWASP Proactive Controls/OWASP Application Security Verification Standard and OWASP Cheat Sheet Series ==

A work channel has been created between these 2 projects and the Cheat Sheet Series using the following process (''OPC = OWASP Proactive Controls / OASVS = OWASP Application Security Verification Standard / OCS = OWASP Cheat Sheet''):

* When a Cheat Sheet is missing for a point in OPC/OASVS then the OCS will handle the missing and create one. When the Cheat Sheet is ready then the reference is added by OPC/OASVS.
* If a Cheat Sheet exists for an OPC/OASVS point but the content do not provide the expected help then the Cheat Sheet is updated to provide the content needed/expected.

The reason of the creation of this bridge is to help the OCS/OASVS projects by providing them:

* A consistent source for the requests regarding new Cheat Sheets.
* Same approach about the update of the existing Cheat Sheets.
* A usage context for the Cheat Sheet and a quick source of feedack about the quality and the efficiency of the Cheat Sheet.

It is not mandatory that a request for a new Cheat Sheet (or for an update) come only from OPC/OASVS, it is just a extra channel.

<pre>Requests from OPC/OASVS are flagged with a special label in the GitHub repository issues list in order to identify them and set them as a top level priority.</pre>

== Project leaders ==

* [https://www.owasp.org/index.php/User:Jmanico Jim Manico] [mailto:jim.manico@owasp.org @]

== Core team ==

* [https://github.com/ThunderSon Elie Saad]
* [https://github.com/mackowski Jakub Maćkowski]
* [https://github.com/rbsec Robin Bailey]
* [https://www.owasp.org/index.php/User:Jmanico Jim Manico]

== Contributors of the V1 of the project ==

Paweł Krawczyk, Mishra Dhiraj, Shruti Kulkarni, Torsten Gigler, Michael Coates, Jeff Williams, Dave Wichers, Kevin Wall, Jeffrey Walton, Eric Sheridan, Kevin Kenan, David Rook, Fred Donovan, Abraham Kang, Dave Ferguson, Shreeraj Shah, Raul Siles, Colin Watson, Neil Matatall, Zaur Molotnikov, Manideep Konakandla, Santhosh Tuppad and '''many more'''!

== Contributors of the V2 of the project ==

See [https://github.com/OWASP/CheatSheetSeries/graphs/contributors here] for a complete list.

| valign="top" style="padding-left:25px;width:200px;" |

== Official website ==

Website of the [https://cheatsheetseries.owasp.org here].

== GitHub repository ==

Repository is [https://github.com/OWASP/CheatSheetSeries here].

== Offline Cheat Sheets collection ==

A offline website of all Cheat Sheets can be obtained [https://github.com/OWASP/CheatSheetSeries#offline-website here].

== Slack & Twitter ==

Slack channel information:
* Server <code>owasp.slack.com</code>
* Channel <code>cheatsheets</code>

Twitter hash tag: '''#[https://twitter.com/search?q=%23owaspcheatsheetseries&src=typd owaspcheatsheetseries]'''

== Google Group ==

[https://groups.google.com/a/owasp.org/forum/#!forum/cheat-sheets-project Project Google Group], click [https://groups.google.com/a/owasp.org/forum/#!forum/cheat-sheets-project/join here] to join it.

Still used for technical discussion '''but we highly prefer''':
* The Slack channel for announcement and technical discussion.
* The Twitter hash tag for announcement only.

== Project classifications ==

{| width="200" cellpadding="2"
|-
| rowspan="3" align="center" valign="top" width="50%" | [[File:Owasp-flagship-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| align="center" valign="center" width="50%" |
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

== Licensing ==

The OWASP <i>Cheat Sheet Series</i> is free to use under the [https://creativecommons.org/licenses/by-sa/3.0/us/ Creative Commons ShareAlike 3 License].

== Related Projects ==

* [[OWASP Proactive Controls]]
* [https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project OWASP Application Security Verification Standard Project]

|}

= Roadmap =

Roadmap is managed using the [https://github.com/OWASP/CheatSheetSeries/projects/1 GitHub feature] of the repository.

= Project Logo =

'''Project is now finished, we let the specification online for further evolution of the logo.'''

Big thanks to Amélie Didion for the design work.

== Logo files ==

Logo files are hosted on the official OWASP dedicated [https://github.com/OWASP/owasp-swag/tree/master/projects/cheat-sheet-series Github repository].

Logo n°1:

[https://github.com/OWASP/owasp-swag/blob/master/projects/cheat-sheet-series/owasp-1.png]

Logo n°2:

[https://github.com/OWASP/owasp-swag/blob/master/projects/cheat-sheet-series/owasp-2.png]

== Objective ==

This section contains the information that we have gathered and plan to use for the creation of the project logo and related design materials.

The first phase of the work is to commission a project logo.

== Phase 1: Logo ==

=== Introduction ===

The project requires a logo which will comprise three components:

* Graphical element indicating the idea or use of the cheat sheets
* The project title
* Motto/straplines.

Not all of these will necessarily be shown together at the same time. Phase 1 requires the creation of a logo, which may be used with one, two or all three of these components.

The logo will be used in many ways such as on a website banner, or just the graphical element on a bag, or the graphical element and a motto/strapline on a t-shirt. These other outputs are not included in the scope of Phase 1.

=== Project Name ===

The project name is ''OWASP Cheat Sheet Series project''. The project name will be positioned next to the graphical element in some outputs, and this layout must be provided. In other cases, the project name will not be included beside the logo.

=== Motto/Strapline ===

Three mottos/straplines will be used in the logo - they are context dependent:

* ''Life is too short, AppSec is tough, Cheat!''
* ''Its not cheating if you do it for the right reasons''
* ''Sometimes the only good thing to do is cheat''.

The logo layout must allow for any of these or none to be included.

=== Layout, Media Formats and Colours ===

Some media or placements may mean the motto/strapline does not fit or is not needed. Therefore the logo must be usable with, or without, the motto/strapline.

The logo will need to be used at multiple scales. For example, if the logo is square excluding the motto/strapline, the following formats must work

* Low-resolution use on web pages (e.g. as small as 100x100 pixels excluding moto/strapline)
* Medium resolution use on fabric such as t-sirts or bags (e.g. 900x900 pixels at 150 dpi)
* High-resolution use on large posters and banners (e.g. as large as 5,000x5,000 pixels at 300dpi).

The logo may be printed in CMYK for physical media, but must also have RGB colours for screen use. Additionally the logo must also be available in grayscale, and separately as single colour (i.e. black and white without any tones).

=== Deliverables Required ===

All outputs must be provided digitally:

# Logo demonstrating how it looks with just the graphical element, the graphical element with the project title, and the graphical element with each of the mottos/straplines, and everything together
# Source layered vector graphic files created in Adobe Illustrator
# Exported versions for quick use low, medium and high resolution full-colour PNG/JPEGs in RGB and CMYK
# Colour and font specification.

Rights/licensing:

# The designer will not retain any rights - all design and use rights will be given to OWASP, who will publish the logo and files using am open source licence, and OWASP will be able to use the logo, source files, ideas, designs in any manner it desires in any media in any quantity, without any additional payments, commission or royalties to the designer or anyone else
# All fonts used in the design must be provided to OWASP and comply with the above requirements

== Future Phases: Other Graphical Elements ==

Scope TBC - Banners, t-shirts, etc

Background pictures (picture provider and designer will be cited on the project site):
* ''A smart tech looking woman reading a piece of paper (the cheatsheet) while resting on a beach.''
* ''A woman hand holding cards with an ace up the sleeve.''

Pictures proposal (just a proposal as bootstrap, others pictures can be used):
* Cards:
** https://www.pexels.com/photo/woman-holding-queen-of-hearts-and-diamonds-922706/
** https://www.pexels.com/photo/ace-card-gambling-hand-274373/
** https://www.pexels.com/photo/ace-bet-business-card-262333/
* Beach:
** https://www.pexels.com/photo/laptop-mockup-notebook-outside-4778/
** https://www.pexels.com/photo/apple-check-computer-female-7079/
** https://www.pexels.com/photo/beach-beach-chair-blur-casual-319921/
** https://www.pexels.com/photo/close-up-of-woman-typing-on-keyboard-of-laptop-6352/
** https://www.pexels.com/photo/black-and-gray-computer-laptop-159784/

__NOTOC__ <headertabs />

[[Category:OWASP_Project|OWASP Cheat Sheets Project]]
[[Category:OWASP_Document]]
[[Category:OWASP_Alpha_Quality_Document]]
[[Category:SAMM-EG-1]]

OWASP Cheat Sheet Series

2019-09-14T09:24:40Z

Dominique RIGHETTO: Add Robin

= Main =
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]</div>
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

== Our goal ==

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. These cheat sheets were created by various application security professionals who have expertise in specific topics. We hope that the OWASP Cheat Sheet Series provides you with excellent security guidance in an easy to read format.

If you have any questions about the OWASP Cheat Sheet Series, please email the project leaders [mailto:dominique.righetto@owasp.org Dominique Righetto] or [mailto:jim.manico@owasp.org Jim Manico], contact us on the project's Slack channel or on our [https://groups.google.com/a/owasp.org/forum/#!forum/cheat-sheets-project Google Group] ('''Slack is highly preferred over the Google Group''').

The archives of the old mailing list can be consulted [https://lists.owasp.org/pipermail/owasp-cheat-sheets/index here].

== Official website ==

The official website on which all the cheat sheets are hosted is https://cheatsheetseries.owasp.org .

== Migration to GitHub ==

Project has been fully migrated to [https://github.com/OWASP/CheatSheetSeries GitHub].

This page is used as the OWASP homepage of the project, all the project content is hosted on the [https://github.com/OWASP/CheatSheetSeries GitHub repository] and we work '''only from''' this repository, '''wiki is not used anymore'''.

The [https://github.com/OWASP/CheatSheetSeries GitHub] repository is used for the work on the cheat sheets and the released ones are deployed on the [https://cheatsheetseries.owasp.org official website].

So, from now, only a GitHub account is needed to contribute :)

== Bridge between the projects OWASP Proactive Controls/OWASP Application Security Verification Standard and OWASP Cheat Sheet Series ==

A work channel has been created between these 2 projects and the Cheat Sheet Series using the following process (''OPC = OWASP Proactive Controls / OASVS = OWASP Application Security Verification Standard / OCS = OWASP Cheat Sheet''):

* When a Cheat Sheet is missing for a point in OPC/OASVS then the OCS will handle the missing and create one. When the Cheat Sheet is ready then the reference is added by OPC/OASVS.
* If a Cheat Sheet exists for an OPC/OASVS point but the content do not provide the expected help then the Cheat Sheet is updated to provide the content needed/expected.

The reason of the creation of this bridge is to help the OCS/OASVS projects by providing them:

* A consistent source for the requests regarding new Cheat Sheets.
* Same approach about the update of the existing Cheat Sheets.
* A usage context for the Cheat Sheet and a quick source of feedack about the quality and the efficiency of the Cheat Sheet.

It is not mandatory that a request for a new Cheat Sheet (or for an update) come only from OPC/OASVS, it is just a extra channel.

<pre>Requests from OPC/OASVS are flagged with a special label in the GitHub repository issues list in order to identify them and set them as a top level priority.</pre>

== Project leaders ==

* [https://www.owasp.org/index.php/User:Jmanico Jim Manico] [mailto:jim.manico@owasp.org @]
* [https://www.owasp.org/index.php/User:Dominique_RIGHETTO Dominique Righetto] [mailto:dominique.righetto@owasp.org @]

== Core team ==

* [https://github.com/ThunderSon Elie Saad]
* [https://github.com/mackowski Jakub Maćkowski]
* [https://github.com/rbsec Robin Bailey]
* [https://www.owasp.org/index.php/User:Dominique_RIGHETTO Dominique Righetto]
* [https://www.owasp.org/index.php/User:Jmanico Jim Manico]

== Contributors of the V1 of the project ==

Paweł Krawczyk, Mishra Dhiraj, Shruti Kulkarni, Torsten Gigler, Michael Coates, Jeff Williams, Dave Wichers, Kevin Wall, Jeffrey Walton, Eric Sheridan, Kevin Kenan, David Rook, Fred Donovan, Abraham Kang, Dave Ferguson, Shreeraj Shah, Raul Siles, Colin Watson, Neil Matatall, Zaur Molotnikov, Manideep Konakandla, Santhosh Tuppad and '''many more'''!

== Contributors of the V2 of the project ==

See [https://github.com/OWASP/CheatSheetSeries/graphs/contributors here] for a complete list.

| valign="top" style="padding-left:25px;width:200px;" |

== Official website ==

Website of the [https://cheatsheetseries.owasp.org here].

== GitHub repository ==

Repository is [https://github.com/OWASP/CheatSheetSeries here].

== Offline Cheat Sheets collection ==

A offline website of all Cheat Sheets can be obtained [https://github.com/OWASP/CheatSheetSeries#offline-website here].

== Slack & Twitter ==

Slack channel information:
* Server <code>owasp.slack.com</code>
* Channel <code>cheatsheets</code>

Twitter hash tag: '''#[https://twitter.com/search?q=%23owaspcheatsheetseries&src=typd owaspcheatsheetseries]'''

== Google Group ==

[https://groups.google.com/a/owasp.org/forum/#!forum/cheat-sheets-project Project Google Group], click [https://groups.google.com/a/owasp.org/forum/#!forum/cheat-sheets-project/join here] to join it.

Still used for technical discussion '''but we highly prefer''':
* The Slack channel for announcement and technical discussion.
* The Twitter hash tag for announcement only.

== Project classifications ==

{| width="200" cellpadding="2"
|-
| rowspan="3" align="center" valign="top" width="50%" | [[File:Owasp-flagship-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| align="center" valign="center" width="50%" |
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

== Licensing ==

The OWASP <i>Cheat Sheet Series</i> is free to use under the [https://creativecommons.org/licenses/by-sa/3.0/us/ Creative Commons ShareAlike 3 License].

== Related Projects ==

* [[OWASP Proactive Controls]]
* [https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project OWASP Application Security Verification Standard Project]

|}

= Roadmap =

Roadmap is managed using the [https://github.com/OWASP/CheatSheetSeries/projects/1 GitHub feature] of the repository.

= Project Logo =

'''Project is now finished, we let the specification online for further evolution of the logo.'''

Big thanks to Amélie Didion for the design work.

== Logo files ==

Logo files are hosted on the official OWASP dedicated [https://github.com/OWASP/owasp-swag/tree/master/projects/cheat-sheet-series Github repository].

Logo n°1:

[https://github.com/OWASP/owasp-swag/blob/master/projects/cheat-sheet-series/owasp-1.png]

Logo n°2:

[https://github.com/OWASP/owasp-swag/blob/master/projects/cheat-sheet-series/owasp-2.png]

== Objective ==

This section contains the information that we have gathered and plan to use for the creation of the project logo and related design materials.

The first phase of the work is to commission a project logo.

== Phase 1: Logo ==

=== Introduction ===

The project requires a logo which will comprise three components:

* Graphical element indicating the idea or use of the cheat sheets
* The project title
* Motto/straplines.

Not all of these will necessarily be shown together at the same time. Phase 1 requires the creation of a logo, which may be used with one, two or all three of these components.

The logo will be used in many ways such as on a website banner, or just the graphical element on a bag, or the graphical element and a motto/strapline on a t-shirt. These other outputs are not included in the scope of Phase 1.

=== Project Name ===

The project name is ''OWASP Cheat Sheet Series project''. The project name will be positioned next to the graphical element in some outputs, and this layout must be provided. In other cases, the project name will not be included beside the logo.

=== Motto/Strapline ===

Three mottos/straplines will be used in the logo - they are context dependent:

* ''Life is too short, AppSec is tough, Cheat!''
* ''Its not cheating if you do it for the right reasons''
* ''Sometimes the only good thing to do is cheat''.

The logo layout must allow for any of these or none to be included.

=== Layout, Media Formats and Colours ===

Some media or placements may mean the motto/strapline does not fit or is not needed. Therefore the logo must be usable with, or without, the motto/strapline.

The logo will need to be used at multiple scales. For example, if the logo is square excluding the motto/strapline, the following formats must work

* Low-resolution use on web pages (e.g. as small as 100x100 pixels excluding moto/strapline)
* Medium resolution use on fabric such as t-sirts or bags (e.g. 900x900 pixels at 150 dpi)
* High-resolution use on large posters and banners (e.g. as large as 5,000x5,000 pixels at 300dpi).

The logo may be printed in CMYK for physical media, but must also have RGB colours for screen use. Additionally the logo must also be available in grayscale, and separately as single colour (i.e. black and white without any tones).

=== Deliverables Required ===

All outputs must be provided digitally:

# Logo demonstrating how it looks with just the graphical element, the graphical element with the project title, and the graphical element with each of the mottos/straplines, and everything together
# Source layered vector graphic files created in Adobe Illustrator
# Exported versions for quick use low, medium and high resolution full-colour PNG/JPEGs in RGB and CMYK
# Colour and font specification.

Rights/licensing:

# The designer will not retain any rights - all design and use rights will be given to OWASP, who will publish the logo and files using am open source licence, and OWASP will be able to use the logo, source files, ideas, designs in any manner it desires in any media in any quantity, without any additional payments, commission or royalties to the designer or anyone else
# All fonts used in the design must be provided to OWASP and comply with the above requirements

== Future Phases: Other Graphical Elements ==

Scope TBC - Banners, t-shirts, etc

Background pictures (picture provider and designer will be cited on the project site):
* ''A smart tech looking woman reading a piece of paper (the cheatsheet) while resting on a beach.''
* ''A woman hand holding cards with an ace up the sleeve.''

Pictures proposal (just a proposal as bootstrap, others pictures can be used):
* Cards:
** https://www.pexels.com/photo/woman-holding-queen-of-hearts-and-diamonds-922706/
** https://www.pexels.com/photo/ace-card-gambling-hand-274373/
** https://www.pexels.com/photo/ace-bet-business-card-262333/
* Beach:
** https://www.pexels.com/photo/laptop-mockup-notebook-outside-4778/
** https://www.pexels.com/photo/apple-check-computer-female-7079/
** https://www.pexels.com/photo/beach-beach-chair-blur-casual-319921/
** https://www.pexels.com/photo/close-up-of-woman-typing-on-keyboard-of-laptop-6352/
** https://www.pexels.com/photo/black-and-gray-computer-laptop-159784/

__NOTOC__ <headertabs />

[[Category:OWASP_Project|OWASP Cheat Sheets Project]]
[[Category:OWASP_Document]]
[[Category:OWASP_Alpha_Quality_Document]]
[[Category:SAMM-EG-1]]

Authorization Testing Automation

2019-08-13T16:12:58Z

Dominique RIGHETTO: Point to website

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Testing_Automation.html Testing Automation] to see the latest version of the cheat sheet.

OWASP Cheat Sheet Series

2019-08-03T07:16:16Z

Dominique RIGHETTO: Upgrade to flagship

= Main =
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]</div>
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

== Our goal ==

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. These cheat sheets were created by various application security professionals who have expertise in specific topics. We hope that the OWASP Cheat Sheet Series provides you with excellent security guidance in an easy to read format.

If you have any questions about the OWASP Cheat Sheet Series, please email the project leaders [mailto:dominique.righetto@owasp.org Dominique Righetto] or [mailto:jim.manico@owasp.org Jim Manico], contact us on the project's Slack channel or on our [https://groups.google.com/a/owasp.org/forum/#!forum/cheat-sheets-project Google Group] ('''Slack is highly preferred over the Google Group''').

The archives of the old mailing list can be consulted [https://lists.owasp.org/pipermail/owasp-cheat-sheets/index here].

== Official website ==

The official website on which all the cheat sheets are hosted is https://cheatsheetseries.owasp.org .

== Migration to GitHub ==

Project has been fully migrated to [https://github.com/OWASP/CheatSheetSeries GitHub].

This page is used as the OWASP homepage of the project, all the project content is hosted on the [https://github.com/OWASP/CheatSheetSeries GitHub repository] and we work '''only from''' this repository, '''wiki is not used anymore'''.

The [https://github.com/OWASP/CheatSheetSeries GitHub] repository is used for the work on the cheat sheets and the released ones are deployed on the [https://cheatsheetseries.owasp.org official website].

So, from now, only a GitHub account is needed to contribute :)

== Bridge between the projects OWASP Proactive Controls/OWASP Application Security Verification Standard and OWASP Cheat Sheet Series ==

A work channel has been created between these 2 projects and the Cheat Sheet Series using the following process (''OPC = OWASP Proactive Controls / OASVS = OWASP Application Security Verification Standard / OCS = OWASP Cheat Sheet''):

* When a Cheat Sheet is missing for a point in OPC/OASVS then the OCS will handle the missing and create one. When the Cheat Sheet is ready then the reference is added by OPC/OASVS.
* If a Cheat Sheet exists for an OPC/OASVS point but the content do not provide the expected help then the Cheat Sheet is updated to provide the content needed/expected.

The reason of the creation of this bridge is to help the OCS/OASVS projects by providing them:

* A consistent source for the requests regarding new Cheat Sheets.
* Same approach about the update of the existing Cheat Sheets.
* A usage context for the Cheat Sheet and a quick source of feedack about the quality and the efficiency of the Cheat Sheet.

It is not mandatory that a request for a new Cheat Sheet (or for an update) come only from OPC/OASVS, it is just a extra channel.

<pre>Requests from OPC/OASVS are flagged with a special label in the GitHub repository issues list in order to identify them and set them as a top level priority.</pre>

== Project leaders ==

* [https://www.owasp.org/index.php/User:Jmanico Jim Manico] [mailto:jim.manico@owasp.org @]
* [https://www.owasp.org/index.php/User:Dominique_RIGHETTO Dominique Righetto] [mailto:dominique.righetto@owasp.org @]

== Core team ==

* [https://github.com/ThunderSon Elie Saad]
* [https://github.com/mackowski Jakub Maćkowski]
* [https://www.owasp.org/index.php/User:Dominique_RIGHETTO Dominique Righetto]
* [https://www.owasp.org/index.php/User:Jmanico Jim Manico]

== Contributors of the V1 of the project ==

Paweł Krawczyk, Mishra Dhiraj, Shruti Kulkarni, Torsten Gigler, Michael Coates, Jeff Williams, Dave Wichers, Kevin Wall, Jeffrey Walton, Eric Sheridan, Kevin Kenan, David Rook, Fred Donovan, Abraham Kang, Dave Ferguson, Shreeraj Shah, Raul Siles, Colin Watson, Neil Matatall, Zaur Molotnikov, Manideep Konakandla, Santhosh Tuppad and '''many more'''!

== Contributors of the V2 of the project ==

See [https://github.com/OWASP/CheatSheetSeries/graphs/contributors here] for a complete list.

| valign="top" style="padding-left:25px;width:200px;" |

== Official website ==

Website of the [https://cheatsheetseries.owasp.org here].

== GitHub repository ==

Repository is [https://github.com/OWASP/CheatSheetSeries here].

== Offline Cheat Sheets collection ==

A offline website of all Cheat Sheets can be obtained [https://github.com/OWASP/CheatSheetSeries#offline-website here].

== Slack & Twitter ==

Slack channel information:
* Server <code>owasp.slack.com</code>
* Channel <code>cheatsheets</code>

Twitter hash tag: '''#[https://twitter.com/search?q=%23owaspcheatsheetseries&src=typd owaspcheatsheetseries]'''

== Google Group ==

[https://groups.google.com/a/owasp.org/forum/#!forum/cheat-sheets-project Project Google Group], click [https://groups.google.com/a/owasp.org/forum/#!forum/cheat-sheets-project/join here] to join it.

Still used for technical discussion '''but we highly prefer''':
* The Slack channel for announcement and technical discussion.
* The Twitter hash tag for announcement only.

== Project classifications ==

{| width="200" cellpadding="2"
|-
| rowspan="3" align="center" valign="top" width="50%" | [[File:Owasp-flagship-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| align="center" valign="center" width="50%" |
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

== Licensing ==

The OWASP <i>Cheat Sheet Series</i> is free to use under the [https://creativecommons.org/licenses/by-sa/3.0/us/ Creative Commons ShareAlike 3 License].

== Related Projects ==

* [[OWASP Proactive Controls]]
* [https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project OWASP Application Security Verification Standard Project]

|}

= Roadmap =

Roadmap is managed using the [https://github.com/OWASP/CheatSheetSeries/projects/1 GitHub feature] of the repository.

= Project Logo =

'''Project is now finished, we let the specification online for further evolution of the logo.'''

Big thanks to Amélie Didion for the design work.

== Logo files ==

Logo files are hosted on the official OWASP dedicated [https://github.com/OWASP/owasp-swag/tree/master/projects/cheat-sheet-series Github repository].

Logo n°1:

[https://github.com/OWASP/owasp-swag/blob/master/projects/cheat-sheet-series/owasp-1.png]

Logo n°2:

[https://github.com/OWASP/owasp-swag/blob/master/projects/cheat-sheet-series/owasp-2.png]

== Objective ==

This section contains the information that we have gathered and plan to use for the creation of the project logo and related design materials.

The first phase of the work is to commission a project logo.

== Phase 1: Logo ==

=== Introduction ===

The project requires a logo which will comprise three components:

* Graphical element indicating the idea or use of the cheat sheets
* The project title
* Motto/straplines.

Not all of these will necessarily be shown together at the same time. Phase 1 requires the creation of a logo, which may be used with one, two or all three of these components.

The logo will be used in many ways such as on a website banner, or just the graphical element on a bag, or the graphical element and a motto/strapline on a t-shirt. These other outputs are not included in the scope of Phase 1.

=== Project Name ===

The project name is ''OWASP Cheat Sheet Series project''. The project name will be positioned next to the graphical element in some outputs, and this layout must be provided. In other cases, the project name will not be included beside the logo.

=== Motto/Strapline ===

Three mottos/straplines will be used in the logo - they are context dependent:

* ''Life is too short, AppSec is tough, Cheat!''
* ''Its not cheating if you do it for the right reasons''
* ''Sometimes the only good thing to do is cheat''.

The logo layout must allow for any of these or none to be included.

=== Layout, Media Formats and Colours ===

Some media or placements may mean the motto/strapline does not fit or is not needed. Therefore the logo must be usable with, or without, the motto/strapline.

The logo will need to be used at multiple scales. For example, if the logo is square excluding the motto/strapline, the following formats must work

* Low-resolution use on web pages (e.g. as small as 100x100 pixels excluding moto/strapline)
* Medium resolution use on fabric such as t-sirts or bags (e.g. 900x900 pixels at 150 dpi)
* High-resolution use on large posters and banners (e.g. as large as 5,000x5,000 pixels at 300dpi).

The logo may be printed in CMYK for physical media, but must also have RGB colours for screen use. Additionally the logo must also be available in grayscale, and separately as single colour (i.e. black and white without any tones).

=== Deliverables Required ===

All outputs must be provided digitally:

# Logo demonstrating how it looks with just the graphical element, the graphical element with the project title, and the graphical element with each of the mottos/straplines, and everything together
# Source layered vector graphic files created in Adobe Illustrator
# Exported versions for quick use low, medium and high resolution full-colour PNG/JPEGs in RGB and CMYK
# Colour and font specification.

Rights/licensing:

# The designer will not retain any rights - all design and use rights will be given to OWASP, who will publish the logo and files using am open source licence, and OWASP will be able to use the logo, source files, ideas, designs in any manner it desires in any media in any quantity, without any additional payments, commission or royalties to the designer or anyone else
# All fonts used in the design must be provided to OWASP and comply with the above requirements

== Future Phases: Other Graphical Elements ==

Scope TBC - Banners, t-shirts, etc

Background pictures (picture provider and designer will be cited on the project site):
* ''A smart tech looking woman reading a piece of paper (the cheatsheet) while resting on a beach.''
* ''A woman hand holding cards with an ace up the sleeve.''

Pictures proposal (just a proposal as bootstrap, others pictures can be used):
* Cards:
** https://www.pexels.com/photo/woman-holding-queen-of-hearts-and-diamonds-922706/
** https://www.pexels.com/photo/ace-card-gambling-hand-274373/
** https://www.pexels.com/photo/ace-bet-business-card-262333/
* Beach:
** https://www.pexels.com/photo/laptop-mockup-notebook-outside-4778/
** https://www.pexels.com/photo/apple-check-computer-female-7079/
** https://www.pexels.com/photo/beach-beach-chair-blur-casual-319921/
** https://www.pexels.com/photo/close-up-of-woman-typing-on-keyboard-of-laptop-6352/
** https://www.pexels.com/photo/black-and-gray-computer-laptop-159784/

__NOTOC__ <headertabs />

[[Category:OWASP_Project|OWASP Cheat Sheets Project]]
[[Category:OWASP_Document]]
[[Category:OWASP_Alpha_Quality_Document]]
[[Category:SAMM-EG-1]]

Protect FileUpload Against Malicious File

2019-07-15T15:14:31Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Protect_FileUpload_Against_Malicious_File.html Protect FileUpload Against Malicious File] to see the latest version of the cheat sheet.

WinRT Security Cheatsheet

2019-07-15T15:09:24Z

Dominique RIGHETTO: Project cleanup

{{taggedDocument| type=delete| comment=Tagged via fixme/delete.}}

DRAFT Denial of Service Cheat Sheet

2019-07-15T14:54:24Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html Denial of Service Cheat Sheet] to see the latest version of the cheat sheet.

Android Manifest Cheat Sheet

2019-07-15T14:52:07Z

Dominique RIGHETTO: Project cleanup

{{taggedDocument| type=delete| comment=Tagged via fixme/delete.}}

Regular Expression Security Cheatsheet

2019-07-15T14:51:46Z

Dominique RIGHETTO: Project cleanup

= Regular Expression Security Cheatsheet =

== Introduction ==

This cheatsheet can be effectively used by security specialists and programmers to reveal unwanted constructions in regular expressions. This can cause bypass of intended validation rules.<br>
<br>

== Cheatsheet ==

Here is a link to the GitHub RegEx repository:
=== [https://github.com/attackercan/regexp-security-cheatsheet https://github.com/attackercan/regexp-security-cheatsheet] ===
<br><br>

== SAST ==

In order to save time for security practitioners, Static Application Security Testing tool was written. You can use the following code to analyze all regular expressions from your project:<br>
<code>
grep -iorP "reg_\w+\s*\((\s*['\"](.*?)['\"])," * > regexp.txt && php index.php --file="./regexp.txt"
</code>

SAST can be downloaded from here:
=== [https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser] ===
<br><br>

=Authors and Primary Editors=

Vladimir Ivanov<br>
[http://twitter.com/httpsonly @httpsonly]

{{taggedDocument| type=delete| comment=Tagged via fixme/delete.}}

URL Level Access Control Cheat Sheet

2019-07-15T14:51:18Z

Dominique RIGHETTO: Project cleanup

{{taggedDocument| type=delete| comment=Tagged via fixme/delete.}}

TLS Cipher String Cheat Sheet

2019-07-15T14:47:55Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html TLS Cipher String Cheat Sheet] to see the latest version of the cheat sheet.

Error Handling Cheat Sheet

2019-07-15T14:46:51Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Error_Handling_Cheat_Sheet.html Error Handling Cheat Sheet] to see the latest version of the cheat sheet.

Securing Cascading Style Sheets (CSS) Cheat Sheet

2019-07-15T14:45:28Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Securing_Cascading_Style_Sheets_Cheat_Sheet.html Securing Cascading Style Sheets (CSS) Cheat Sheet] to see the latest version of the cheat sheet.

Vulnerability Disclosure Cheat Sheet

2019-07-15T14:40:48Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.html Vulnerability Disclosure Cheat Sheet] to see the latest version of the cheat sheet.

Threat Modeling Cheat Sheet

2019-07-15T14:40:17Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html Threat Modeling Cheat Sheet] to see the latest version of the cheat sheet.

REST Security Cheat Sheet

2019-07-15T14:39:15Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html REST Security Cheat Sheet] to see the latest version of the cheat sheet.

PHP Security Cheat Sheet

2019-07-15T14:38:38Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/PHP_Configuration_Cheat_Sheet.html PHP Configuration Cheat Sheet] to see the latest version of the cheat sheet.

{{taggedDocument
| type=delete
| comment=Tagged for deletion
}}

Key Management Cheat Sheet

2019-07-15T14:38:01Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Key_Management_Cheat_Sheet.html Key Management Cheat Sheet] to see the latest version of the cheat sheet.

Insecure Direct Object Reference Prevention Cheat Sheet

2019-07-15T14:37:14Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.html Insecure Direct Object Reference Prevention Cheat Sheet] to see the latest version of the cheat sheet.

Denial of Service Cheat Sheet

2019-07-15T14:36:35Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html Denial of Service Cheat Sheet] to see the latest version of the cheat sheet.

Content Security Policy Cheat Sheet

2019-07-15T14:35:37Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html Content Security Policy Cheat Sheet] to see the latest version of the cheat sheet.

OS Command Injection Defense Cheat Sheet

2019-07-15T14:34:06Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.html OS Command Injection Defense Cheat Sheet] to see the latest version of the cheat sheet.

Virtual Patching Cheat Sheet

2019-07-15T14:33:00Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Virtual_Patching_Cheat_Sheet.html Virtual Patching Cheat Sheet] to see the latest version of the cheat sheet.

XML Security Cheat Sheet

2019-07-15T14:32:06Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/XML_Security_Cheat_Sheet.html XML Security Cheat Sheet] to see the latest version of the cheat sheet.

REST Assessment Cheat Sheet

2019-07-15T14:31:21Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/REST_Assessment_Cheat_Sheet.html REST Assessment Cheat Sheet] to see the latest version of the cheat sheet.

Attack Surface Analysis Cheat Sheet

2019-07-15T14:30:42Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Attack_Surface_Analysis_Cheat_Sheet.html Attack Surface Analysis Cheat Sheet] to see the latest version of the cheat sheet.

XML External Entity (XXE) Prevention Cheat Sheet

2019-07-15T14:30:00Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html XML External Entity (XXE) Prevention Cheat Sheet] to see the latest version of the cheat sheet.

Web Service Security Cheat Sheet

2019-07-15T14:29:10Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Web_Service_Security_Cheat_Sheet.html Web Service Security Cheat Sheet] to see the latest version of the cheat sheet.

User Privacy Protection Cheat Sheet

2019-07-15T14:28:33Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/User_Privacy_Protection_Cheat_Sheet.html User Privacy Protection Cheat Sheet] to see the latest version of the cheat sheet.

Unvalidated Redirects and Forwards Cheat Sheet

2019-07-15T14:27:44Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html Unvalidated Redirects and Forwards Cheat Sheet] to see the latest version of the cheat sheet.

Transport Layer Protection Cheat Sheet

2019-07-15T14:26:27Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html Transport Layer Protection Cheat Sheet] to see the latest version of the cheat sheet.

Transaction Authorization Cheat Sheet

2019-07-15T14:25:39Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Transaction_Authorization_Cheat_Sheet.html Transaction Authorization Cheat Sheet] to see the latest version of the cheat sheet.

SQL Injection Prevention Cheat Sheet

2019-07-15T14:24:53Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html SQL Injection Prevention Cheat Sheet] to see the latest version of the cheat sheet.

SAML Security Cheat Sheet

2019-07-15T14:24:16Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/SAML_Security_Cheat_Sheet.html SAML Security Cheat Sheet] to see the latest version of the cheat sheet.

Session Management Cheat Sheet

2019-07-15T14:23:39Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html Session Management Cheat Sheet] to see the latest version of the cheat sheet.

Ruby on Rails Cheatsheet

2019-07-15T14:22:09Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Ruby_on_Rails_Cheatsheet.html Ruby on Rails Cheatsheet] to see the latest version of the cheat sheet.

Query Parameterization Cheat Sheet

2019-07-15T14:21:33Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html Query Parameterization Cheat Sheet] to see the latest version of the cheat sheet.

Pinning Cheat Sheet

2019-07-15T14:20:59Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Pinning_Cheat_Sheet.html Pinning Cheat Sheet] to see the latest version of the cheat sheet.

Password Storage Cheat Sheet

2019-07-15T14:20:20Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html Password Storage Cheat Sheet] to see the latest version of the cheat sheet.

OWASP Top Ten Cheat Sheet

2019-07-15T14:19:41Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

An [https://github.com/OWASP/CheatSheetSeries/issues/13 open discussion] is pending about to exclude or not this cheat sheet of the V2 of the project.

{{taggedDocument| type=delete| comment=Tagged via fixme/delete.}}

.NET Security Cheat Sheet

2019-07-15T14:18:46Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/DotNet_Security_Cheat_Sheet.html .NET Security Cheat Sheet] to see the latest version of the cheat sheet.

Mass Assignment Cheat Sheet

2019-07-15T14:17:55Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Mass_Assignment_Cheat_Sheet.html Mass Assignment Cheat Sheet] to see the latest version of the cheat sheet.

Logging Cheat Sheet

2019-07-15T14:17:02Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html Logging Cheat Sheet] to see the latest version of the cheat sheet.

LDAP Injection Prevention Cheat Sheet

2019-07-15T14:16:04Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html LDAP Injection Prevention Cheat Sheet] to see the latest version of the cheat sheet.

JAAS Cheat Sheet

2019-07-15T14:15:13Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/JAAS_Cheat_Sheet.html JAAS Cheat Sheet] to see the latest version of the cheat sheet.

Input Validation Cheat Sheet

2019-07-15T14:13:08Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html Input Validation Cheat Sheet] to see the latest version of the cheat sheet.

Injection Prevention Cheat Sheet in Java

2019-07-15T14:12:11Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_Cheat_Sheet_in_Java.html Injection Prevention Cheat Sheet in Java] to see the latest version of the cheat sheet.

Injection Prevention Cheat Sheet

2019-07-15T14:11:36Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_Cheat_Sheet.html Injection Prevention Cheat Sheet] to see the latest version of the cheat sheet.

HTTP Strict Transport Security Cheat Sheet

2019-07-15T14:10:54Z

Dominique RIGHETTO: Point to the official site

__NOTOC__
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html HTTP Strict Transport Security Cheat Sheet] to see the latest version of the cheat sheet.