This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP Proactive Controls
PROJECT INFO What does this OWASP project offer you? |
RELEASE(S) INFO What releases are available for this project? | |||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
Authentication
- Password Storage - Forgot Password Workflow - Multi-Factor AuthN
Access Control
- Permission based access control - Limits of RBAC
Validation
- Whitelist Validation (struggles with internationalization) - URL validation (as part of redirect features) - HTML Validation (as part of untrusted content from features like TinyMCE)
Encoding
- Output encoding for XSS - Query Parameterization - Other encodings for LDAP, XML construction and OS Command injection resistance
Data Protection
- At rest and in transit - Secure number generation - Certificate pinning - Proper use of AES (CBC/IV Management)
Secure Requirements
- Core requirements for any project (technical) - Business logic requirements (project specific)
Secure Architecture and Design
- When to use request, session or database for data flow