Projects/OWASP Framework Matrix
From OWASP
Note: This page is a template part of the OWASP Framework Security Project. Edit this page here
| Framework | Security Control | Present / Not Present | Enabled By Default | Link to more info | Under Development? | Contact Point |
| Automatic escaping in templates | ||||||
| Prepared statements (including ORM) | ||||||
| Django | x-frame-options | Present | No | link | n/a | n/a |
| Django | SECURE Cookie Flag | Present | No | link | n/a | n/a |
| Django | HTTPOnly Cookie Flag | ? | ? | [# link] | ? | ? |
| Rails | Automatic CSRF protection | Present | Yes | link | n/a | n/a |
| Offsite redirect detection/prevention | ||||||
| javascript: URIs in links | ||||||
| Error suppression in production environments | ||||||
| Mask sensitive data in logs | ||||||
| Encryption abstractions | ||||||
| Strict transport security | ||||||
| Content security policy |
