Difference between revisions of "Projects/OWASP Framework Matrix"
From OWASP
Note: This page is a template part of the OWASP Framework Security Project (https://www.owasp.org/index.php/OWASP_Framework_Security_Project).

| Framework | Security Control | Present / Not Present | Enabled By Default | Link to more info | Under Development? | Contact Point |
| | Automatic escaping in templates | | | | | |
| | Prepared statements (including ORM) | | | | | |
| Django | x-frame-options | Present | No | https://docs.djangoproject.com/en/dev/ref/clickjacking/#setting-x-frame-options-for-all-responses | n/a | n/a |
| Django | SECURE Cookie Flag | Present | No | https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SESSION_COOKIE_SECURE | n/a | n/a |
| Django | HTTPOnly Cookie Flag | ? | ? | ? | ? | ? |
| Rails | Automatic CSRF protection | Present | Yes | http://guides.rubyonrails.org/security.html#cross-site-request-forgery-csrf | n/a | n/a |
| | Offsite redirect detection/prevention | | | | | |
| | javascript: URIs in links | | | | | |
| | Error suppression in production environments | | | | | |
| | Mask sensitive data in logs | | | | | |
| | Encryption abstractions | | | | | |
| | Strict transport security | | | | | |
| | Content security policy | | | | | |
Latest revision as of 17:09, 15 September 2013
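The Django rows of the matrix record whether a control ships with the framework and whether it is on by default; the next question for a practitioner is whether it is on in a given project. The following is an added example for this page, not code from the OWASP matrix or from Django, that audits a settings module (passed as a plain dict, so it runs without Django installed) against the rows the matrix ties to Django settings: x-frame-options, the Secure and HttpOnly cookie flags, automatic CSRF protection and strict transport security. The setting names, middleware paths and the defaults in DJANGO_DEFAULTS are Django's documented ones (SESSION_COOKIE_HTTPONLY, which the matrix leaves as "?", defaults to True since Django 1.4); the two sample projects and the helper names audit_django_settings and failing_controls are constructed for this example.

```python
"""Audit a Django settings module against the matrix rows above.

Added example for this page; not part of the OWASP matrix or of Django.
It inspects plain setting values, so it runs without Django installed and
takes the settings as a dict. Setting names, middleware paths and the
defaults in DJANGO_DEFAULTS are Django's documented ones; the two sample
projects below are constructed.
"""

# Documented Django defaults for the settings behind the matrix rows.
# X_FRAME_OPTIONS was 'SAMEORIGIN' through Django 2.x and 'DENY' from 3.0.
DJANGO_DEFAULTS = {
    "X_FRAME_OPTIONS": "SAMEORIGIN",
    "SESSION_COOKIE_SECURE": False,
    "CSRF_COOKIE_SECURE": False,
    "SESSION_COOKIE_HTTPONLY": True,
    "SECURE_HSTS_SECONDS": 0,
}

XFRAME_MW = "django.middleware.clickjacking.XFrameOptionsMiddleware"
CSRF_MW = "django.middleware.csrf.CsrfViewMiddleware"
SECURITY_MW = "django.middleware.security.SecurityMiddleware"  # Django >= 1.8


def _middleware(settings):
    """Middleware list: MIDDLEWARE (Django >= 1.10) or MIDDLEWARE_CLASSES (older)."""
    return list(settings.get("MIDDLEWARE") or settings.get("MIDDLEWARE_CLASSES") or ())


def _setting(settings, name):
    return settings.get(name, DJANGO_DEFAULTS[name])


def audit_django_settings(settings):
    """Return {matrix control: (enabled, detail)} for the rows Django implements
    through settings. 'enabled' means active in this project, not merely shipped."""
    mw = _middleware(settings)
    session_secure = bool(_setting(settings, "SESSION_COOKIE_SECURE"))
    csrf_secure = bool(_setting(settings, "CSRF_COOKIE_SECURE"))
    session_httponly = bool(_setting(settings, "SESSION_COOKIE_HTTPONLY"))
    hsts = int(_setting(settings, "SECURE_HSTS_SECONDS"))
    return {
        # The header is only sent when the middleware is loaded.
        "x-frame-options": (
            XFRAME_MW in mw,
            "X-Frame-Options: %s" % _setting(settings, "X_FRAME_OPTIONS") if XFRAME_MW in mw
            else "XFrameOptionsMiddleware not loaded; no X-Frame-Options header is sent",
        ),
        # Both cookies must be Secure: a session cookie sent over plain HTTP leaks
        # the session, and a non-Secure CSRF cookie can be set by a network attacker.
        "SECURE Cookie Flag": (
            session_secure and csrf_secure,
            "SESSION_COOKIE_SECURE=%s CSRF_COOKIE_SECURE=%s" % (session_secure, csrf_secure),
        ),
        # Only the session cookie is required to be HttpOnly here; the CSRF cookie
        # is commonly read by JavaScript for AJAX requests.
        "HTTPOnly Cookie Flag": (session_httponly, "SESSION_COOKIE_HTTPONLY=%s" % session_httponly),
        "Automatic CSRF protection": (
            CSRF_MW in mw,
            "CsrfViewMiddleware %s" % ("loaded" if CSRF_MW in mw else "not loaded"),
        ),
        # HSTS needs SecurityMiddleware and a non-zero max-age.
        "Strict transport security": (
            SECURITY_MW in mw and hsts > 0,
            "SecurityMiddleware %s, SECURE_HSTS_SECONDS=%d"
            % ("loaded" if SECURITY_MW in mw else "not loaded", hsts),
        ),
    }


def failing_controls(settings):
    """Sorted names of matrix controls that are not enabled in this project."""
    return sorted(name for name, (ok, _) in audit_django_settings(settings).items() if not ok)


# Constructed sample 1: the middleware list of a 2013-era `startproject` layout,
# where XFrameOptionsMiddleware ships commented out and every cookie and HSTS
# setting is left at its default.
DEFAULT_PROJECT = {
    "MIDDLEWARE_CLASSES": (
        "django.contrib.sessions.middleware.SessionMiddleware",
        "django.middleware.common.CommonMiddleware",
        CSRF_MW,
        "django.contrib.auth.middleware.AuthenticationMiddleware",
        "django.contrib.messages.middleware.MessageMiddleware",
    ),
}

# Constructed sample 2: the same project with every audited row turned on.
HARDENED_PROJECT = {
    "MIDDLEWARE": [SECURITY_MW] + list(DEFAULT_PROJECT["MIDDLEWARE_CLASSES"]) + [XFRAME_MW],
    "X_FRAME_OPTIONS": "DENY",
    "SESSION_COOKIE_SECURE": True,
    "CSRF_COOKIE_SECURE": True,
    "SESSION_COOKIE_HTTPONLY": True,
    "SECURE_HSTS_SECONDS": 31536000,
    "SECURE_HSTS_INCLUDE_SUBDOMAINS": True,
}

if __name__ == "__main__":
    for label, project in (("default", DEFAULT_PROJECT), ("hardened", HARDENED_PROJECT)):
        print(label)
        for control, (ok, detail) in audit_django_settings(project).items():
            print("  %-28s %-8s %s" % (control, "ENABLED" if ok else "MISSING", detail))
```

To audit a real project, build the dict from the settings module with `{name: getattr(mod, name) for name in dir(mod) if name.isupper()}` and pass it to audit_django_settings. Two caveats match the matrix: the 2013-era default project fails the x-frame-options and SECURE Cookie Flag rows exactly as the "Enabled By Default: No" cells say, and the strict transport security row can only be "Present" for Django 1.8 or later, since SecurityMiddleware did not exist before that release.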