This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Category:OWASP Top Ten Controls Project

From OWASP

Revision as of 02:43, 17 January 2013 by Jmanico (talk | contribs) (→‎List of Top Ten Controls)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Introduction

This is a placeholder page for the upcoming OWASP Top Ten Controls 2013 document.

This project, similar to the OWASP Top Ten Risks document, is meant to directly bring awareness to controls that developers need to use in secure web application development.

OWASP Top Ten Proactive Controls

These controls may include:

Query Parameterization per https://www.owasp.org/index.php/Query_Parameterization_Cheat_Sheet
Hashed, Salted and Stretched Password Storage per https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
Output Encoding per https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
Forgot Password Workflow per https://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet
Content Security Policy
Secure JSON Parsing
Input Validation per https://www.owasp.org/index.php/Input_Validation_Cheat_Sheet
Transport Layer Security
Access Control Design
Virtual Patching

Others to consider

Re-authentication (authenticating individual transactions)
CSRF Tokens
Framebusting
Defense to prevent http://en.wikipedia.org/wiki/Remote_file_inclusion

Glossary of Terms

TODO

This category currently contains no pages or media.

Retrieved from "https://wiki.owasp.org/index.php?title=Category:OWASP_Top_Ten_Controls_Project&oldid=142407"