This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Cheat Sheet Series"

From OWASP
Jump to: navigation, search
m (Add link to mailman archive)
m (Remove Dominique from the contact messages)
 
(9 intermediate revisions by one other user not shown)
Line 1: Line 1:
 
= Main =  
 
= Main =  
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: lab_big.jpg|link=OWASP_Project_Stages#tab.3DLab_Projects]]</div>
+
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]</div>
 
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>
 
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>
  
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
+
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |
  
 
== Our goal ==  
 
== Our goal ==  
Line 10: Line 10:
 
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. These cheat sheets were created by various application security professionals who have expertise in specific topics. We hope that the OWASP Cheat Sheet Series provides you with excellent security guidance in an easy to read format.
 
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. These cheat sheets were created by various application security professionals who have expertise in specific topics. We hope that the OWASP Cheat Sheet Series provides you with excellent security guidance in an easy to read format.
  
If you have any questions about the OWASP Cheat Sheet Series, please email the project leaders [mailto:[email protected] Dominique Righetto] or [mailto:[email protected] Jim Manico], contact us on the project's Slack channel or on our [https://groups.google.com/a/owasp.org/forum/#!forum/cheat-sheets-project Google Group] ('''Slack is highly preferred over the Google Group''').
+
If you have any questions about the OWASP Cheat Sheet Series, please email the project leader [mailto:[email protected] Jim Manico], contact us on the project's Slack channel, or on our [https://groups.google.com/a/owasp.org/forum/#!forum/cheat-sheets-project Google Group] ('''Slack is highly preferred over the Google Group''').
  
 
The archives of the old mailing list can be consulted [https://lists.owasp.org/pipermail/owasp-cheat-sheets/index here].
 
The archives of the old mailing list can be consulted [https://lists.owasp.org/pipermail/owasp-cheat-sheets/index here].
 +
 +
== Official website ==
 +
 +
The official website on which all the cheat sheets are hosted is https://cheatsheetseries.owasp.org .
  
 
== Migration to GitHub ==
 
== Migration to GitHub ==
Line 18: Line 22:
 
Project has been fully migrated to [https://github.com/OWASP/CheatSheetSeries GitHub].
 
Project has been fully migrated to [https://github.com/OWASP/CheatSheetSeries GitHub].
  
This page is used as the OWASP homepage of the project, all the project content is hosted on the [https://github.com/OWASP/CheatSheetSeries GitHub repository] and we work '''only from''' this repository, '''wiki is not used anymore'''.
+
This page is used as the OWASP homepage of the project, all the project content is hosted on the [https://github.com/OWASP/CheatSheetSeries GitHub repository] and we work '''only from''' this repository, '''wiki is not used anymore'''.
 +
 
 +
The [https://github.com/OWASP/CheatSheetSeries GitHub] repository is used for the work on the cheat sheets and the released ones are deployed on the [https://cheatsheetseries.owasp.org official website].
  
 
So, from now, only a GitHub account is needed to contribute :)
 
So, from now, only a GitHub account is needed to contribute :)
Line 39: Line 45:
 
<pre>Requests from OPC/OASVS are flagged with a special label in the GitHub repository issues list in order to identify them and set them as a top level priority.</pre>
 
<pre>Requests from OPC/OASVS are flagged with a special label in the GitHub repository issues list in order to identify them and set them as a top level priority.</pre>
  
== Project Leaders ==
+
== Project leaders ==
  
 
* [https://www.owasp.org/index.php/User:Jmanico Jim Manico] [mailto:[email protected] @]
 
* [https://www.owasp.org/index.php/User:Jmanico Jim Manico] [mailto:[email protected] @]
* [https://www.owasp.org/index.php/User:Dominique_RIGHETTO Dominique Righetto] [mailto:[email protected] @]
+
 
 +
== Core team ==
 +
 
 +
* [https://github.com/ThunderSon Elie Saad]
 +
* [https://github.com/mackowski Jakub Maćkowski]
 +
* [https://github.com/rbsec Robin Bailey]
 +
* [https://www.owasp.org/index.php/User:Jmanico Jim Manico]
  
 
== Contributors of the V1 of the project ==  
 
== Contributors of the V1 of the project ==  
Line 52: Line 64:
 
See [https://github.com/OWASP/CheatSheetSeries/graphs/contributors here] for a complete list.
 
See [https://github.com/OWASP/CheatSheetSeries/graphs/contributors here] for a complete list.
  
| valign="top"  style="padding-left:25px;width:200px;" |
+
| style="padding-left:25px;width:200px;" valign="top" |
 +
 
 +
== Official website ==
 +
 
 +
Website of the [https://cheatsheetseries.owasp.org here].
  
 
== GitHub repository ==
 
== GitHub repository ==
Line 82: Line 98:
 
   {| width="200" cellpadding="2"
 
   {| width="200" cellpadding="2"
 
   |-
 
   |-
   | rowspan="3" align="center" valign="top" width="50%" | [[File:Midlevel_projects.png|130px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Lab_Projects|Lab Project]]
+
   | rowspan="3" width="50%" valign="top" align="center" | [[File:Owasp-flagship-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
   | align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]   
+
   | width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]   
 
   |-
 
   |-
   | align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
+
   | width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
 
   |-
 
   |-
   | align="center" valign="center" width="50%" |  
+
   | width="50%" valign="center" align="center" |  
 
   |-
 
   |-
 
   | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 
   | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
Line 102: Line 118:
 
* [[OWASP Proactive Controls]]
 
* [[OWASP Proactive Controls]]
 
* [https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project OWASP Application Security Verification Standard Project]
 
* [https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project OWASP Application Security Verification Standard Project]
 
== News and Events ==
 
* [Mar 09 2019] Move from Mailman to Google Group.
 
* [Feb 23 2019] V2 released, from now see all the update [https://github.com/OWASP/CheatSheetSeries/pulse here].
 
* [Feb 22 2019] Migration to [https://github.com/OWASP/CheatSheetSeries GitHub] finished.
 
* [Dec 28 2018] Start migration of the cheat sheets collection to [https://github.com/OWASP/CheatSheetSeries GitHub].
 
* [Dec 01 2018] [[Injection_Prevention_Cheat_Sheet_in_Java|Injection Prevention Cheat Sheet in Java]] updated
 
* [Nov 24 2018] [[Securing_Cascade_Style_Sheets_(CSS)_Cheat_Sheet|Securing Cascade Style Sheets Cheat Sheet]] added to project
 
* [Nov 08 2018] Creation and sharing of the project logos
 
* [Oct 13 2018] [[Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet|CSRF Prevention Cheat Sheet]] refactored
 
* [Sep 25 2018] [[Abuse_Case_Cheat_Sheet|Abuse Case Cheat Sheet]] added to project
 
* [Aug 25 2018] Cleanup of Cheat Sheets finished
 
* [Jul 15 2018] [[Error_Handling_Cheat_Sheet|Error Handling Cheat Sheet]] added to project
 
* [Jun 12 2018] Made available the PDF book of all Cheat Sheets
 
* [May 10 2018] [[Protect_FileUpload_Against_Malicious_File|Protect File Upload Against Malicious File Cheat Sheet]] updated
 
* [Mar 18 2018] [[Password_Storage_Cheat_Sheet|Password Storage Cheat Sheet]] updated
 
* [Feb 21 2018] [[HTML5_Security_Cheat_Sheet|HTML5 Security Cheat Sheet]] updated
 
* [Feb 18 2018] [[Password_Storage_Cheat_Sheet|Password Storage Cheat Sheet]] updated
 
* [Jan 14 2018] [[Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet|Insecure Direct Object Reference Prevention Cheat Sheet]] updated
 
* [Dec 04 2017] [[Ruby_on_Rails_Cheatsheet|Ruby On Rails Cheat Sheet]] updated
 
* [Nov 19 2017] [[JSON_Web_Token_(JWT)_Cheat_Sheet_for_Java|JWT Cheat Sheet for Java]] updated
 
* [Nov 17 2017] [[OS_Command_Injection_Defense_Cheat_Sheet|OS Command Injection Defense Cheat Sheet]] added to project
 
* [Nov 04 2017] [[Authorization_Testing_Automation|Authorization Testing Automation Cheat Sheet]] added to project
 
* [Jan 17 2017] [[XML_Security_Cheat_Sheet|XML Security Cheat Sheet]] added to project
 
* [Feb 06 2016] New navigation template rolled out project-wide
 
* [Jun 11 2015] [[SAML_Security_Cheat_Sheet|SAML Cheat Sheet]] added to project
 
* [Feb 11 2015] [https://www.owasp.org/images/9/9a/OWASP_Cheatsheets_Book.pdf Cheat Sheet "book"] added to project
 
* [Apr 04 2014] All non-draft cheat sheets moved to new wiki template!
 
* [Feb 04 2014] Project-wide cleanup started
 
 
  
 
|}
 
|}
Line 242: Line 228:
 
__NOTOC__ <headertabs />
 
__NOTOC__ <headertabs />
  
[[Category:OWASP_Project|OWASP Cheat Sheets Project]]
+
[[Category:OWASP Project|OWASP Cheat Sheets Project]]
 
[[Category:OWASP_Document]]
 
[[Category:OWASP_Document]]
 
[[Category:OWASP_Alpha_Quality_Document]]
 
[[Category:OWASP_Alpha_Quality_Document]]
 
[[Category:SAMM-EG-1]]
 
[[Category:SAMM-EG-1]]

Latest revision as of 10:23, 29 September 2019

Flagship big.jpg
Cheatsheets-header.jpg

Our goal

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. These cheat sheets were created by various application security professionals who have expertise in specific topics. We hope that the OWASP Cheat Sheet Series provides you with excellent security guidance in an easy to read format.

If you have any questions about the OWASP Cheat Sheet Series, please email the project leader Jim Manico, contact us on the project's Slack channel, or on our Google Group (Slack is highly preferred over the Google Group).

The archives of the old mailing list can be consulted here.

Official website

The official website on which all the cheat sheets are hosted is https://cheatsheetseries.owasp.org .

Migration to GitHub

Project has been fully migrated to GitHub.

This page is used as the OWASP homepage of the project, all the project content is hosted on the GitHub repository and we work only from this repository, wiki is not used anymore.

The GitHub repository is used for the work on the cheat sheets and the released ones are deployed on the official website.

So, from now, only a GitHub account is needed to contribute :)

Bridge between the projects OWASP Proactive Controls/OWASP Application Security Verification Standard and OWASP Cheat Sheet Series

A work channel has been created between these 2 projects and the Cheat Sheet Series using the following process (OPC = OWASP Proactive Controls / OASVS = OWASP Application Security Verification Standard / OCS = OWASP Cheat Sheet):

  • When a Cheat Sheet is missing for a point in OPC/OASVS then the OCS will handle the missing and create one. When the Cheat Sheet is ready then the reference is added by OPC/OASVS.
  • If a Cheat Sheet exists for an OPC/OASVS point but the content do not provide the expected help then the Cheat Sheet is updated to provide the content needed/expected.

The reason of the creation of this bridge is to help the OCS/OASVS projects by providing them:

  • A consistent source for the requests regarding new Cheat Sheets.
  • Same approach about the update of the existing Cheat Sheets.
  • A usage context for the Cheat Sheet and a quick source of feedack about the quality and the efficiency of the Cheat Sheet.

It is not mandatory that a request for a new Cheat Sheet (or for an update) come only from OPC/OASVS, it is just a extra channel.

Requests from OPC/OASVS are flagged with a special label in the GitHub repository issues list in order to identify them and set them as a top level priority.

Project leaders

Core team

Contributors of the V1 of the project

Paweł Krawczyk, Mishra Dhiraj, Shruti Kulkarni, Torsten Gigler, Michael Coates, Jeff Williams, Dave Wichers, Kevin Wall, Jeffrey Walton, Eric Sheridan, Kevin Kenan, David Rook, Fred Donovan, Abraham Kang, Dave Ferguson, Shreeraj Shah, Raul Siles, Colin Watson, Neil Matatall, Zaur Molotnikov, Manideep Konakandla, Santhosh Tuppad and many more!

Contributors of the V2 of the project

See here for a complete list.

Official website

Website of the here.

GitHub repository

Repository is here.

Offline Cheat Sheets collection

A offline website of all Cheat Sheets can be obtained here.

Slack & Twitter

Slack channel information:

  • Server owasp.slack.com
  • Channel cheatsheets

Twitter hash tag: #owaspcheatsheetseries

Google Group

Project Google Group, click here to join it.

Still used for technical discussion but we highly prefer:

  • The Slack channel for announcement and technical discussion.
  • The Twitter hash tag for announcement only.

Project classifications

Owasp-flagship-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files DOC.jpg

Licensing

The OWASP Cheat Sheet Series is free to use under the Creative Commons ShareAlike 3 License.

Related Projects

Roadmap is managed using the GitHub feature of the repository.