This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Projects/OWASP Secure Coding Practices - Quick Reference Guide/Releases/SCP v2"
Keith Turpin (talk | contribs) |
m (Tag: Visual edit) |
||
| Line 1: | Line 1: | ||
| − | {{Template: <includeonly>{{{1}}}</includeonly><noinclude>Release About</noinclude> | + | <nowiki>{{Template: </nowiki><includeonly>{{{1}}}</includeonly><noinclude>Release About</noinclude> |
| − | | project_name = OWASP Secure Coding Practices - Quick Reference Guide | + | | project_name =OWASP Secure Coding Practices - Quick Reference Guide |
| − | | project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide | + | | project_home_page =:OWASP Secure Coding Practices - Quick Reference Guide |
| − | | release_name = SCP v2 | + | | release_name =SCP v2 |
| − | | release_date = 8 November 2010 | + | | release_date =8 November 2010 |
| − | | release_download_link = http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf | + | | release_download_link =http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf |
| − | | release_description = | + | | release_description = |
| Line 23: | Line 23: | ||
*Several improvements were made thanks to new contributors. | *Several improvements were made thanks to new contributors. | ||
| − | | release_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0'''] | + | | release_license =[http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0'''] |
| − | | leader_name1 = Keith Turpin | + | | leader_name1 =Keith Turpin |
| − | | leader_email1 = [email protected] | + | | leader_email1 [email protected] |
| − | | leader_username1 = Keith Turpin | + | | leader_username1 =Keith Turpin |
| − | | contributor_name1 = Brad Causey (As GPC's Reviewer) | + | | contributor_name1 =Brad Causey (As GPC's Reviewer) |
| − | | contributor_email1 = [email protected] | + | | contributor_email1 [email protected] |
| − | | contributor_username1 = Bradcausey | + | | contributor_username1 =Bradcausey |
| − | | contributor_name2 = Anurag Agarwal (As peer Reviewer) | + | | contributor_name2 =Anurag Agarwal (As peer Reviewer) |
| − | | contributor_email2 = [email protected] | + | | contributor_email2 [email protected] |
| − | | contributor_username2 = | + | | contributor_username2 = |
| − | | contributor_name3 = Andrew Petukhov | + | | contributor_name3 =Andrew Petukhov |
| − | | contributor_email3 = [email protected] | + | | contributor_email3 [email protected] |
| − | | contributor_username3 = Petand | + | | contributor_username3 =Petand |
| − | | contributor_name4 = Jason Coleman | + | | contributor_name4 =Jason Coleman |
| − | | contributor_email4 = | + | | contributor_email4 = |
| − | | contributor_username4 = | + | | contributor_username4 = |
| − | | contributor_name5 = Leandro Gomes (as Portuguese Translator) | + | | contributor_name5 =Leandro Gomes (as Portuguese Translator) |
| − | | contributor_email5 = [email protected] | + | | contributor_email5 [email protected] |
| − | | contributor_username5 = | + | | contributor_username5 = |
| − | | contributor_name6 = Sílvio Correia Filho (as Portuguese Translator) | + | | contributor_name6 =Sílvio Correia Filho (as Portuguese Translator) |
| − | | contributor_email6 = [email protected] | + | | contributor_email6 [email protected] |
| − | | contributor_username6 = | + | | contributor_username6 = |
| − | | contributor_name7 = | + | | contributor_name7 =Tarcizio Vieira Neto (as Portuguese Translator) |
| − | | contributor_email7 = [email protected] | + | | contributor_email7 [email protected] |
| − | | contributor_username7 = | + | | contributor_username7 = |
| − | | contributor_name8 = | + | | contributor_name8 =Canedo,Gerardo (as Spanish Translator) |
| − | | contributor_name9 = | + | | contributor_name9 =Flores,Mauro (as Spanish Translator) |
| − | | contributor_name10 = | + | | contributor_name10 =Hill,Alberto (as Spanish Translator) | contributor_username1 =Alberto Daniel Hill |
| − | | contributor_name11 = | + | | contributor_name11 =Martinez,Mateo (as Spanish Translator) |
| − | | contributor_name12 = | + | | contributor_name12 =Papaleo,Mauricio (as Spanish Translator) |
| − | | contributor_name13 = | + | | contributor_name13 =Soarez,Nicolás (as Spanish Translator) |
| − | | contributor_name14 = | + | | contributor_name14 =Targetta, Cecilia (as Spanish Translator) |
| − | | release_notes = http://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2/Notes | + | | release_notes =http://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2/Notes |
| − | | links_url1 = http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc | + | | links_url1 =http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc |
| − | | links_name1 = SCP v2 > English Version > Word file | + | | links_name1 =SCP v2 > English Version > Word file |
| − | | links_url2 = https://www.owasp.org/images/b/b3/OWASP_SCP_v1.3_pt-BR.pdf | + | | links_url2 =https://www.owasp.org/images/b/b3/OWASP_SCP_v1.3_pt-BR.pdf |
| − | | links_name2 = SCP v2 > Brazilian Portuguese Translation > Pdf file | + | | links_name2 =SCP v2 > Brazilian Portuguese Translation > Pdf file |
| − | | links_url3 = https://www.owasp.org/images/6/6d/OWASP_SCP_v1.3_pt-PT.pdf | + | | links_url3 =https://www.owasp.org/images/6/6d/OWASP_SCP_v1.3_pt-PT.pdf |
| − | | links_name3 = SCP v2 > Portugal Portuguese Translation > Pdf file | + | | links_name3 =SCP v2 > Portugal Portuguese Translation > Pdf file |
| − | | links_url4 = | + | | links_url4 =https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf |
| − | | links_name4 = SCP v2 > Korean Translation > Pdf file | + | | links_name4 =SCP v2 > Korean Translation > Pdf file |
| − | | links_url5 = http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc | + | | links_url5 =http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc |
| − | | links_name5 = SCP v2 > Spanish Translation > doc file | + | | links_name5 =SCP v2 > Spanish Translation > doc file |
| − | | links_url6 = http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls | + | | links_url6 =http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls |
| − | | links_name6 = Secure coding guide assessment feedback disposition | + | | links_name6 =Secure coding guide assessment feedback disposition |
| − | | links_url7 = http://www.owasp.org/index.php/GPC_Project_Assessment/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide_-_SCP_v2 | + | | links_url7 =http://www.owasp.org/index.php/GPC_Project_Assessment/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide_-_SCP_v2 |
| − | | links_name7 = Assessment Control/Progress and Links | + | | links_name7 =Assessment Control/Progress and Links |
| − | }} | + | <nowiki>}}</nowiki> |
Revision as of 06:32, 4 July 2017
{{Template: Release About | project_name =OWASP Secure Coding Practices - Quick Reference Guide | project_home_page =:OWASP Secure Coding Practices - Quick Reference Guide
| release_name =SCP v2 | release_date =8 November 2010 | release_download_link =http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf
| release_description =
- Now available in Portuguese: Updated Portuguese Version PDF
- Sections of the guide were re-ordered, renamed and new sections were added to map more closely to the ASVS. However input and output handling was left at the beginning, as apposed to be lower in the list as it is with ASVS, since this is the source of the most common vulnerabilities and ones that effect even very simple applications.
- Entirely new sections include:
- Cryptographic Practices,
- Error Handling and Logging".
- The guide's "Data Validation" section was split to match ASVS and is now represented as two separate sections "Input Validation" and "Output Encoding",
- The guide's "Authorization and Access Management" section was renamed to Access Control,
- The guide's "Sensitive Information Storage or Transmission" section was split to match ASVS and is now two new sections "Data Protection" and "Communication Security",
- Additional practices were added to most sections to account for requirements in ASVS that the guide did not specifically cover and some rewording of existing practices was also done.
- Additional terms were added to the glossary.
- Several improvements were made thanks to new contributors.
| release_license =Creative Commons Attribution Share Alike 3.0
| leader_name1 =Keith Turpin | leader_email1 [email protected] | leader_username1 =Keith Turpin
| contributor_name1 =Brad Causey (As GPC's Reviewer) | contributor_email1 [email protected] | contributor_username1 =Bradcausey
| contributor_name2 =Anurag Agarwal (As peer Reviewer) | contributor_email2 [email protected] | contributor_username2 =
| contributor_name3 =Andrew Petukhov | contributor_email3 [email protected] | contributor_username3 =Petand
| contributor_name4 =Jason Coleman | contributor_email4 = | contributor_username4 =
| contributor_name5 =Leandro Gomes (as Portuguese Translator) | contributor_email5 [email protected] | contributor_username5 =
| contributor_name6 =Sílvio Correia Filho (as Portuguese Translator) | contributor_email6 [email protected] | contributor_username6 =
| contributor_name7 =Tarcizio Vieira Neto (as Portuguese Translator) | contributor_email7 [email protected] | contributor_username7 =
| contributor_name8 =Canedo,Gerardo (as Spanish Translator)
| contributor_name9 =Flores,Mauro (as Spanish Translator)
| contributor_name10 =Hill,Alberto (as Spanish Translator) | contributor_username1 =Alberto Daniel Hill
| contributor_name11 =Martinez,Mateo (as Spanish Translator)
| contributor_name12 =Papaleo,Mauricio (as Spanish Translator)
| contributor_name13 =Soarez,Nicolás (as Spanish Translator)
| contributor_name14 =Targetta, Cecilia (as Spanish Translator)
| release_notes =http://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2/Notes
| links_url1 =http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc | links_name1 =SCP v2 > English Version > Word file
| links_url2 =https://www.owasp.org/images/b/b3/OWASP_SCP_v1.3_pt-BR.pdf | links_name2 =SCP v2 > Brazilian Portuguese Translation > Pdf file
| links_url3 =https://www.owasp.org/images/6/6d/OWASP_SCP_v1.3_pt-PT.pdf | links_name3 =SCP v2 > Portugal Portuguese Translation > Pdf file
| links_url4 =https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf | links_name4 =SCP v2 > Korean Translation > Pdf file
| links_url5 =http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc | links_name5 =SCP v2 > Spanish Translation > doc file
| links_url6 =http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls | links_name6 =Secure coding guide assessment feedback disposition
| links_url7 =http://www.owasp.org/index.php/GPC_Project_Assessment/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide_-_SCP_v2 | links_name7 =Assessment Control/Progress and Links
}}
