
Other really good requirements that aren't generic enough to be part of the project but that might be what you're looking for in YOUR environment


Intro

Infrastructure Tips and Requirements

DNS

  1. No internal hostnames or addresses will be published on internet-facing DNS servers
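
One way to check the DNS requirement above before a zone is published, as an added example that is not part of the original wiki page. The sample zone, the `audit_zone` helper and the internal name suffixes are assumptions made for illustration; the parser expects single-line records with numeric TTLs.

```python
import ipaddress
# Constructed sample of an internet-facing zone file (not from the page).
SAMPLE_ZONE = """\
$ORIGIN example.com.
@        IN SOA   ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 3600
@        IN NS    ns1.example.com.
www      IN A     203.0.113.20
www      IN AAAA  2001:db8::20
intranet IN A     10.20.30.40
build    300 IN A 192.168.5.7
db       IN AAAA  fd12:3456:789a::5
wiki     IN CNAME wiki01.corp.example.com.
"""
# RFC 1918, loopback, link-local, and IPv6 unique-local/link-local/loopback ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]
# Assumed internal-only name suffixes; replace with your own naming convention.
INTERNAL_SUFFIXES = (".corp.example.com.", ".internal.", ".local.")

def audit_zone(text):
    """Return (owner, type, rdata, reason) tuples for records that leak internal data."""
    findings, owner = [], "@"
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]          # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        tokens = line.split()
        if not line[0].isspace():            # indented lines reuse the previous owner
            owner, tokens = tokens[0], tokens[1:]
        # Skip optional numeric TTL and class fields to reach the record type.
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS")):
            tokens = tokens[1:]
        if len(tokens) < 2:
            continue
        rtype, target = tokens[0].upper(), tokens[-1].lower()
        if rtype in ("A", "AAAA"):
            try:
                addr = ipaddress.ip_address(target)
            except ValueError:
                continue                     # malformed rdata is out of scope here
            if any(addr in net for net in INTERNAL_NETS):
                findings.append((owner, rtype, target, "internal address"))
        elif rtype in ("CNAME", "NS", "MX", "SRV", "PTR") and target.endswith(INTERNAL_SUFFIXES):
            findings.append((owner, rtype, target, "internal hostname"))
    return findings
if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_ZONE):
        print(*finding)
```

The address ranges are listed explicitly rather than relying on `ipaddress.is_private`, which also matches documentation ranges such as 203.0.113.0/24.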

Network Equipment

  1. Management interfaces will never be on internet-facing interfaces
  2. Egress-blocking will be strictly enforced in DMZs. Only necessary traffic will be permitted to be initiated outbound.

OS and Webserver Tips and Requirements

Windows

  1. All Windows systems will be members of a dedicated DMZ domain/forest

Apache

  1. ModSecurity will be running with a basic ruleset

iPhone Tips and Requirements

  1. I have no idea but there's probably SOMETHING
  2. Maybe "checks for jailbreak and won't install"

Language Tips and Requirements

Java

  1. Will adhere to ESAPI guidelines, standards, and code to the maximum extent possible.

.Net

  1. Will adhere to .Net ESAPI guidelines, standards, and code to the maximum extent possible.

PHP

  1. <sarcasm>Shall be discarded in favor of dang near anything else</sarcasm>