
Difference between revisions of "Projects/OWASP Secure Coding Practices - Quick Reference Guide"

(27 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{Template:Project About
+
{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Project About</noinclude>
 
| project_name = OWASP Secure Coding Practices - Quick Reference Guide
 
| project_name = OWASP Secure Coding Practices - Quick Reference Guide
 
| project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide
 
| project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide
Line 26: Line 26:
  
 
| contributor_name4 = Caleb McGary  
 
| contributor_name4 = Caleb McGary  
| contributor_email4 =  
+
| contributor_email4 = [email protected]
 
| contributor_username4 =  
 
| contributor_username4 =  
  
| contributor_name5 =  
+
| contributor_name5 = Jim Manico
| contributor_email5 =  
+
| contributor_email5 = [email protected]
| contributor_username5 =  
+
| contributor_username5 = Jmanico
  
 +
| contributor_name6 = Brad Causey
 +
| contributor_email6 = [email protected]
 +
| contributor_username6 = Bradcausey
  
| pamphlet_link = http://www.owasp.org/images/e/ed/Flyer_Secure_Coding_Practices_Quick_Reference_Guide.pdf
+
| contributor_name7 = Ludovic Petit
 +
| contributor_email7 = ludovic.petit@owasp.org
 +
| contributor_username7 = Ludovic Petit
  
| presentation_link = http://www.owasp.org/images/6/6a/Secure_Coding_Practices_Quick_Ref_3.ppt
+
| contributor_name8 = Michael V. Scovetta
 +
| contributor_email8 = [email protected]
 +
| contributor_username8 = 
 +
 
 +
| contributor_name9 = Jason Coleman
 +
| contributor_email9 =
 +
| contributor_username9 = 
 +
 
 +
| contributor_name10 = Tarcizio Vieira Neto
 +
| contributor_email10 =
 +
| contributor_username10 = 
 +
 
 +
| contributor_name11 = OWASP Korea chapter
 +
| contributor_email11 =
 +
| contributor_username11 = 
 +
 
 +
 
 +
| pamphlet_link = http://www.owasp.org/images/3/35/Flyer_Secure_Coding_Practices_Quick_Reference_Guide_V2.pdf
 +
 
 +
| presentation_link = https://www.owasp.org/images/f/fd/Secure_Coding_Practices_Quick_Ref_6.ppt
  
 
| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices
 
| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices
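Review bot: the new pamphlet_link value uses http://www.owasp.org while the new presentation_link in the same hunk uses https://www.owasp.org; use https:// for both so the downloads are not fetched over plain HTTP. Also, contributor_username7 is set to "Ludovic Petit", a display name containing a space, where the other entries use a wiki username such as Jmanico or Bradcausey; check that it resolves to the intended user page.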
Line 42: Line 66:
 
| project_road_map = http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Roadmap
 
| project_road_map = http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Roadmap
  
| links_url[1-10] =  
+
| links_url1 = http://vimeo.com/17018329
| links_name[1-10] =  
+
| links_name1 = Video - Keith Turpin presenting the Quick Reference Guide on OWASP AppSec USA 2010
 +
 
 +
| links_url2 = https://www.owasp.org/images/b/b3/OWASP_SCP_v1.3_pt-BR.pdf
 +
| links_name2 = SCP v2 > Brazilian Portuguese Translation > PDF file
 +
 
 +
| links_url3 = https://www.owasp.org/images/6/6d/OWASP_SCP_v1.3_pt-PT.pdf
 +
| links_name3 = SCP v2 > Portugal Portuguese Translation > PDF file
 +
 
 +
| links_url4 = https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf
 +
| links_name4 = SCP v2 > Korean Translation > PDF file
 +
 
 +
| links_url5 = http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc
 +
| links_name5 = SCP v2 > Spanish Translation > doc file
 +
 
 +
| links_url6 = http://www.owasp.org/images/5/54/Secure_Coding_Practices_Quick_Ref_5.ppt
 +
| links_name6 = Slide - Presented by Keith Turpin on OWASP AppSec USA 2010
 +
 
  
 
| release_1 = SCP v1
 
| release_1 = SCP v1
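Review bot: links_name2 and links_name3 label the Portuguese translations as "SCP v2", but the files they point to are named OWASP_SCP_v1.3_pt-BR.pdf and OWASP_SCP_v1.3_pt-PT.pdf; confirm which guide version the translations correspond to and make the label and file name agree. The added links_url values also mix http:// and https:// for owasp.org; using https:// throughout would be consistent.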
Line 49: Line 89:
 
| release_2 = SCP v1.1
 
| release_2 = SCP v1.1
  
| release_3 =
+
| release_3 = SCP v2
  
 
| release_4 =
 
| release_4 =
 +
<!--- The line below is for GPC usage only. Please do not edit it --->
 +
| project_about_page = Projects/OWASP Secure Coding Practices - Quick Reference Guide
 
}}
 
}}

Latest revision as of 09:05, 23 May 2012

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Secure Coding Practices - Quick Reference Guide (home page)
Purpose: This document provides a quick high level reference for secure coding practices. It is technology agnostic and defines a set of general software security coding practices, in a checklist format, that can be integrated into the development lifecycle. Implementation of these practices will mitigate most common software vulnerabilities.
License: Creative Commons Attribution Share Alike 3.0
who is working on this project?
Project Leader(s):
Project Contributor(s):
how can you learn more?
Project Pamphlet: View
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
current release
SCP v2 - 8 November 2010 - (download)
Release description:
  • Sections of the guide were re-ordered, renamed and new sections were added to map more closely to the ASVS. However, input and output handling was left at the beginning, as opposed to being lower in the list as it is with ASVS, since this is the source of the most common vulnerabilities and ones that affect even very simple applications.
  • Entirely new sections include:
    • "Cryptographic Practices",
    • "Error Handling and Logging".
  • The guide's "Data Validation" section was split to match ASVS and is now represented as two separate sections "Input Validation" and "Output Encoding",
  • The guide's "Authorization and Access Management" section was renamed to "Access Control",
  • The guide's "Sensitive Information Storage or Transmission" section was split to match ASVS and is now two new sections "Data Protection" and "Communication Security",
  • Additional practices were added to most sections to account for requirements in ASVS that the guide did not specifically cover and some rewording of existing practices was also done.
  • Additional terms were added to the glossary.
  • Several improvements were made thanks to new contributors.
Rating: Stable Release - Assessment Details
last reviewed release
SCP v1.1 - 8 September 2010 - (download)
Release description: The Secure Coding Practices Quick Reference Guide is a technology agnostic set of general software security coding practices, in a comprehensive checklist format, that can be integrated into the development lifecycle. At only 17 pages long, it is easy to read and digest. This release is the result of the changes introduced in the previous version (SCP v1) which were the consequence of the assessment process it was submitted to.
Rating: Stable Release - Assessment Details


other releases