This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Proactive Controls"
m |
m (→Translations) |
||
| (23 intermediate revisions by 3 users not shown) | |||
| Line 47: | Line 47: | ||
== Key Contributors == | == Key Contributors == | ||
| − | + | * [[User:Taras Ivashchenko|Taras Ivashchenko]] [mailto:taras.ivaschenko@owasp.org @] (Russian Translation) | |
| + | * Jay Zudilin (Russian Translation) | ||
* Danny Harris [mailto:danny.harris@owasp.org @] | * Danny Harris [mailto:danny.harris@owasp.org @] | ||
* Hiroaki Kuramochi (Japanese Translation) | * Hiroaki Kuramochi (Japanese Translation) | ||
| Line 78: | Line 79: | ||
== Quick Access == | == Quick Access == | ||
| − | * Top 10 Proactive Controls 2018 [[Media:OWASP_Top_10_Proactive_Controls_V3.pdf| | + | * Top 10 Proactive Controls 2018 PDF: [[Media:OWASP_Top_10_Proactive_Controls_V3.pdf|EN]] | [[Media:OWASP_TOP_10_Proactive_Controls_2018_V3_PL.pdf|PL]] | [[Media:Owasp-top-10-proactive-controls-2018-russian.pdf|Ru]] |
| − | + | ||
* Top 10 Proactive Controls 2018 [[Media:OWASP_Top_Ten_Proactive_Controls_v3.pptx|PPT Download]] | * Top 10 Proactive Controls 2018 [[Media:OWASP_Top_Ten_Proactive_Controls_v3.pptx|PPT Download]] | ||
* Top 10 Proactive Controls 2018 [[Media:OWASP_Top_10_Proactive_Controls_V3.docx|DOCX Download]] | * Top 10 Proactive Controls 2018 [[Media:OWASP_Top_10_Proactive_Controls_V3.docx|DOCX Download]] | ||
| + | * Mapping to other OWASP and IEEE Top 10 Lists [[Media:Owasp-pc-ieee-ott-omtt-ssdf.pdf|PDF Download]] | ||
== Translations == | == Translations == | ||
| + | * Top 10 Proactive Controls 2018 Chinese [[Media:OWASP_Top_10_Proactive_Controls_V3_Chinese.pdf|PDF Download]] | ||
| + | * Top 10 Proactive Controls 2018 Russian [[Media:Owasp-top-10-proactive-controls-2018-russian.pdf|PDF Download]] | ||
* Top 10 Proactive Controls 2018 Polish [[Media:OWASP_TOP_10_Proactive_Controls_2018_V3_PL.pdf|PDF Download]] | * Top 10 Proactive Controls 2018 Polish [[Media:OWASP_TOP_10_Proactive_Controls_2018_V3_PL.pdf|PDF Download]] | ||
* Top 10 Proactive Controls 2016 Traditional Chinese Translation [[Media:OWASPTop10ProactiveControls2016-Chinese.pdf|PDF Download]] | * Top 10 Proactive Controls 2016 Traditional Chinese Translation [[Media:OWASPTop10ProactiveControls2016-Chinese.pdf|PDF Download]] | ||
| Line 131: | Line 135: | ||
Wiki version- is currently work in progress . | Wiki version- is currently work in progress . | ||
| − | |||
= News = | = News = | ||
| + | * [ July 2019] Featured in Coursera course from UCDavies [https://www.coursera.org/directory/videos?courseId=V1k0pBtIEemZRAqH7m9oGA Identifying Security Vulnerabilities] | ||
| + | * [23 June 2019] Featured on HackerCombat: [https://hackercombat.com/implement-owasp-proactive-controls-to-work/ Implement OWASP Proactive Controls to Work] | ||
| + | * [7 June 2019] Feature on OWASP DevSlop Show [https://www.youtube.com/watch?v=Jdb3qweDc_Q Proactive Controls] | ||
| + | * [15 May 2019] Featured in TechBeacon: [https://techbeacon.com/security/put-owasp-top-10-proactive-controls-work Put OWASP Top 10 Proactive Controls to work] | ||
| + | * [2 Mar 2019] Webinar: [https://www.youtube.com/watch?v=ldXe8f5yVq8 The OWASP Top Ten Proactive Controls with Jim Manico] | ||
| + | * [Dec 2018] Featured as the resource for Security “Shifting to the Left”! in the ISC2 course: "DevSecOps: Integrating Security into DevOps” | ||
| + | * [20 Sep 2018 Featured in TechBeacon: [https://techbeacon.com/owasp-top-10-proactive-controls-2018-how-it-makes-your-code-more-secure OWASP Top 10 Proactive Controls 2018: How it makes your code more secure] | ||
| + | * [17 Sep 2018] Binary Blogger Podcast Episodes: [https://binaryblogger.com/2018/09/17/owasp-top-10-proactive-controls-podcast-episodes/ OWASP Top 10 Proactive Controls Podcast Episodes] | ||
* [9 May 2018] Featured in [https://techbeacon.com/developer-secure-code-starter-kit-resources Developer's security guide: 50 online resources to shift left] | * [9 May 2018] Featured in [https://techbeacon.com/developer-secure-code-starter-kit-resources Developer's security guide: 50 online resources to shift left] | ||
* [7 May 2018] 3.0 released! | * [7 May 2018] 3.0 released! | ||
| Line 159: | Line 170: | ||
= Users = | = Users = | ||
| − | ''"Giving | + | * Michael Leung - Management consultant with Canadian Cybersecurity Inc. |
| − | + | : ''"Giving developers guidance that was practical was challenging. The OWASP Top 10 Proactive Controls helped a lot."'' | |
| + | |||
| + | |||
| + | '''Disclaimer''' | ||
| − | |||
Organizations listed are not accredited by OWASP. Neither their products or services have been endorsed by OWASP. | Organizations listed are not accredited by OWASP. Neither their products or services have been endorsed by OWASP. | ||
| − | + | ||
| + | '''How to get listed''' | ||
| + | |||
Please let us know how your organization is using OWASP Top 10 Proactive Controls. Include your name, organization's name, and brief description of how you use the project. The project lead can be reached [mailto:katy.anton@owasp.org here]. | Please let us know how your organization is using OWASP Top 10 Proactive Controls. Include your name, organization's name, and brief description of how you use the project. The project lead can be reached [mailto:katy.anton@owasp.org here]. | ||
| Line 206: | Line 221: | ||
= Translations = | = Translations = | ||
| + | |||
| + | |||
| + | == 2018 Version == | ||
| + | * Top 10 Proactive Controls 2018 Russian Translation: [[Media:Owasp-top-10-proactive-controls-2018-russian.pdf|PDF Download]] | ||
| + | * Top 10 Proactive Controls 2018 Polish Translation: [[Media:OWASP_TOP_10_Proactive_Controls_2018_V3_PL.pdf|PDF Download]] | ||
== 2016 Version == | == 2016 Version == | ||
Latest revision as of 07:32, 30 November 2019
OWASP Top 10 Proactive Controls 2018Software developers are the foundation of any application. In order to achieve secure software, developers must be supported and helped by the organization they author code for. As software developers author the code that makes up a web application, they need to embrace and practice a wide variety of secure coding techniques. All tiers of a web application, the user interface, the business logic, the controller, the database code and more – all need to be developed with security in mind. This can be a very difficult task and developers are often set up for failure. Most developers did not learn about secure coding or crypto in school. The languages and frameworks that developers use to build web applications are often lacking critical core controls or are insecure by default in some way. It is also very rare when organizations provide developers with prescriptive requirements that guide them down the path of secure software. And even when they do, there may be security flaws inherent in the requirements and designs. When it comes to software, developers are often set up to lose the security game. The OWASP Top Ten Proactive Controls 2018 is a list of security techniques that should be included in every software development project. They are ordered by order of importance, with control number 1 being the most important. This document was written by developers for developers to assist those new to secure development.
LicensingThe OWASP Proactive Controls document is free to use under the Creative Commons ShareAlike 3 License. |
What is This?The OWASP Top Ten Proactive Controls describes the most important control and control categories that every architect and developer should absolutely, 100% include in every project. PresentationUse the extensive project presentation that expands on the information in the document. Project LeadersKey Contributors
Related Projects |
Quick Access
Translations
Latest News and Events
Please see the News tab for more. ArchiveMailing ListKeep up-to-date, participate or ask questions via the Project Email List. Classifications
| |||||||
