
Security Code Review Cheat Sheet

From OWASP
Revision as of 04:41, 7 November 2011 by Jmanico (talk | contribs)


Authentication

       == Password Complexity ==
       == Password Rotation ==
       == Account Lockout and Failed Login ==
       == Password Reset Functions ==
       == Email Change and Verification Functions ==
       == Password Storage ==
           === Old Password Hashes ===
           === Migration ===

Session Management

       == Session ID Length ==
       == Session ID Creation ==
       == Inactivity Time Out ==
       == Secure Flag ==
       == HTTP-Only Flag ==
       == Logout ==

Access Control

       == Presentation Layer ==
       == Business Layer ==
       == Data Layer ==

Input Validation

       == Goal of Input Validation ==
       == JavaScript vs Server Side Validation ==
       == Positive Approach ==
       == Robust Use of Input Validation ==
       == Validating Rich User Content ==
       == File Upload ==

Output Encoding

       == Preventing XSS and Content Security Policy ==
       == Preventing SQL Injection ==
       == Preventing OS Injection ==
       == Preventing XML Injection ==

Cross Domain Request Forgery

       == Preventing CSRF ==
       == Preventing Malicious Site Framing (ClickJacking) ==
       == 3rd Party Scripts ==
       == Connecting with Twitter, Facebook, etc ==

Secure Transmission

       == When To Use SSL/TLS ==
       == Don't Allow HTTP Access to Secure Pages ==
       == Implement STS ==