Difference between revisions of "OWASP Proactive Controls"
Line 3: | Line 3: | ||
= Top Ten Proactive Controls = | = Top Ten Proactive Controls = | ||
+ | |||
+ | == Authentication == | ||
+ | |||
+ | == Access Control == | ||
+ | |||
+ | == Validation == | ||
+ | |||
+ | == Encoding == | ||
+ | |||
+ | Mostly output encoding to stop injection | ||
+ | |||
+ | == Query Parameterization == | ||
+ | |||
+ | Special case due to how bad SQLi is | ||
+ | |||
+ | == Data Protection == | ||
+ | |||
+ | == Secure Requirements == | ||
+ | |||
+ | == Secure Architecture == | ||
+ | |||
+ | == Secure Design == | ||
+ | |||
+ | Like forgot password workflow, and other workflows that fall outside of basic requirements and architecture | ||
+ | |||
+ | == Secure Configuration == | ||
+ | |||
+ | At rest and in transit | ||
__NOTOC__ | __NOTOC__ |
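Review bot: In the last added section, "At rest and in transit" sits under "== Secure Configuration ==", but the phrase describes where data is protected and reads as the note for "== Data Protection ==", which has no text of its own; move it there or state what it means for configuration. Of the ten added headings only Encoding, Query Parameterization, Secure Design and Secure Configuration carry a description, so the other six need at least a one-line scope note, and "SQLi" should be spelled out as SQL injection on first use.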
Revision as of 09:49, 10 March 2013
== Authentication ==

== Access Control ==

== Validation ==

== Encoding ==

Mostly output encoding to stop injection.

== Query Parameterization ==

A special case because of how bad SQL injection (SQLi) is.

== Data Protection ==

== Secure Requirements ==

== Secure Architecture ==

== Secure Design ==

For example, the forgot-password workflow and other workflows that fall outside basic requirements and architecture.

== Secure Configuration ==

At rest and in transit.