|
|
| (6 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| − | = Authentication=
| + | Moved to [[Secure Coding Cheat Sheet]]. |
| − | == Password Complexity ==
| |
| − | == Password Rotation
| |
| − | == Account Lockout and Failed Login ==
| |
| − | == Password Reset Functions ==
| |
| − | == Email Change and Verification Functions ==
| |
| − | == Password Storage ==
| |
| − | === Old Password Hashes ===
| |
| − | === Migration ===
| |
| − | | |
| − | = Session Management =
| |
| − | == Session ID Length ==
| |
| − | == Session ID Creation ==
| |
| − | == Inactivity Time Out ==
| |
| − | == Secure Flag ==
| |
| − | == HTTP-Only Flag ==
| |
| − | == Logout ==
| |
| − | | |
| − | = Access Control =
| |
| − | == Presentation Layer ==
| |
| − | == Business Layer ==
| |
| − | == Data Layer ==
| |
| − | | |
| − | = Input Validation =
| |
| − | == Goal of Input Validation ==
| |
| − | == JavaScript vs Server Side Validation ==
| |
| − | == Positive Approach ==
| |
| − | == Robust Use of Input Validation ==
| |
| − | == Validating Rich User Content ==
| |
| − | == File Upload ==
| |
| − | | |
| − | = Output Encoding =
| |
| − | == Preventing XSS and Content Security Policy ==
| |
| − | == Preventing SQL Injection ==
| |
| − | == Preventing OS Injection ==
| |
| − | == Preventing XML Injection ==
| |
| − | | |
| − | = Cross Domain Request Forgery =
| |
| − | == Preventing CSRF ==
| |
| − | == Preventing Malicious Site Framing (ClickJacking) ==
| |
| − | == 3rd Party Scripts ==
| |
| − | == Connecting with Twitter, Facebook, etc ==
| |
| − | | |
| − | = Secure Transmission =
| |
| − | == When To Use SSL/TLS ==
| |
| − | == Don't Allow HTTP Access to Secure Pages ==
| |
| − | == Implement STS ==
| |
Latest revision as of 05:54, 7 November 2011
Moved to Secure Coding Cheat Sheet.
