Difference between revisions of "Category:OWASP Top Ten Controls Project"
Edit summary: (just getting started)

Line 18, unchanged in both revisions:
# Access Control Design
# Virtual Patching

Added in this revision:
Others to consider
# Re-authentication (authenticating individual transactions)
# CSRF Tokens
# Framebusting

Unchanged in both revisions:
== Glossary of Terms ==
TODO
Revision as of 23:51, 2 January 2013
Introduction
This is a placeholder page for the upcoming OWASP Top Ten Controls 2013 document.
This project, similar to the OWASP Top Ten Risks document, is meant to directly bring awareness to controls that developers need to use in secure web application development.
List of Top Ten Controls
These controls may include:
- Query Parameterization per https://www.owasp.org/index.php/Query_Parameterization_Cheat_Sheet
- Hashed, Salted and Stretched Password Storage per https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
- Output Encoding per https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
- Forgot Password Workflow per https://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet
- Content Security Policy
- Secure JSON Parsing
- Input Validation per https://www.owasp.org/index.php/Input_Validation_Cheat_Sheet
- Transport Layer Security
- Access Control Design
- Virtual Patching
Others to consider
- Re-authentication (authenticating individual transactions)
- CSRF Tokens
- Framebusting
Glossary of Terms
TODO