Difference between revisions of "Projects/OWASP Framework Matrix"
From OWASP
| Line 31: | Line 31: | ||
|- | |- | ||
| || Encryption abstractions || || || || || | | || Encryption abstractions || || || || || | ||
| − | |||
| − | |||
|- | |- | ||
| || Strict transport security || || || || || | | || Strict transport security || || || || || | ||
Latest revision as of 17:09, 15 September 2013
Note: This page is a template that is part of the OWASP Framework Security Project.
| Framework | Security Control | Present / Not Present | Enabled By Default | Link to more info | Under Development? | Contact Point |
|---|---|---|---|---|---|---|
| | Automatic escaping in templates | | | | | |
| | Prepared statements (including ORM) | | | | | |
| Django | x-frame-options | Present | No | link | n/a | n/a |
| Django | SECURE Cookie Flag | Present | No | link | n/a | n/a |
| Django | HTTPOnly Cookie Flag | ? | ? | [# link] | ? | ? |
| Rails | Automatic CSRF protection | Present | Yes | link | n/a | n/a |
| | Offsite redirect detection/prevention | | | | | |
| | javascript: URIs in links | | | | | |
| | Error suppression in production environments | | | | | |
| | Mask sensitive data in logs | | | | | |
| | Encryption abstractions | | | | | |
| | Strict transport security | | | | | |
| | Content security policy | | | | | |