
Security Code Review Cheat Sheet

From OWASP
Revision as of 04:42, 7 November 2011 by Jmanico (talk | contribs) (Authentication)

Authentication

== Password Complexity ==
== Password Rotation ==
== Account Lockout and Failed Login ==
== Password Reset Functions ==
== Email Change and Verification Functions ==
== Password Storage ==
== Old Password Hashes ==
== Migration ==

Session Management

== Session ID Length ==
== Session ID Creation ==
== Inactivity Time Out ==
== Secure Flag ==
== HTTP-Only Flag ==
== Logout ==

Access Control

== Presentation Layer ==
== Business Layer ==
== Data Layer ==

Input Validation

== Goal of Input Validation ==
== JavaScript vs Server Side Validation ==
== Positive Approach ==
== Robust Use of Input Validation ==
== Validating Rich User Content ==
== File Upload ==

Output Encoding

== Preventing XSS and Content Security Policy ==
== Preventing SQL Injection ==
== Preventing OS Injection ==
== Preventing XML Injection ==

Cross Domain Request Forgery

== Preventing CSRF ==
== Preventing Malicious Site Framing (ClickJacking) ==
== 3rd Party Scripts ==
== Connecting with Twitter, Facebook, etc ==

Secure Transmission

== When To Use SSL/TLS ==
== Don't Allow HTTP Access to Secure Pages ==
== Implement STS ==