This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Projects/OWASP Secure Coding Practices - Quick Reference Guide/Releases/SCP v2

Jump to: navigation, search

{{Template: Release About | project_name =OWASP Secure Coding Practices - Quick Reference Guide | project_home_page =:OWASP Secure Coding Practices - Quick Reference Guide

| release_name =SCP v2 | release_date =8 November 2010 | release_download_link =

| release_description =

  • Sections of the guide were re-ordered, renamed and new sections were added to map more closely to the ASVS. However input and output handling was left at the beginning, as apposed to be lower in the list as it is with ASVS, since this is the source of the most common vulnerabilities and ones that effect even very simple applications.
  • Entirely new sections include:
    • Cryptographic Practices,
    • Error Handling and Logging".
  • The guide's "Data Validation" section was split to match ASVS and is now represented as two separate sections "Input Validation" and "Output Encoding",
  • The guide's "Authorization and Access Management" section was renamed to Access Control,
  • The guide's "Sensitive Information Storage or Transmission" section was split to match ASVS and is now two new sections "Data Protection" and "Communication Security",
  • Additional practices were added to most sections to account for requirements in ASVS that the guide did not specifically cover and some rewording of existing practices was also done.
  • Additional terms were added to the glossary.
  • Several improvements were made thanks to new contributors.

| release_license =Creative Commons Attribution Share Alike 3.0

| leader_name1 =Keith Turpin | leader_email1 [email protected] | leader_username1 =Keith Turpin

| contributor_name1 =Brad Causey (As GPC's Reviewer) | contributor_email1 [email protected] | contributor_username1 =Bradcausey

| contributor_name2 =Anurag Agarwal (As peer Reviewer) | contributor_email2 [email protected] | contributor_username2 =

| contributor_name3 =Andrew Petukhov | contributor_email3 [email protected] | contributor_username3 =Petand

| contributor_name4 =Jason Coleman | contributor_email4 = | contributor_username4 =

| contributor_name5 =Leandro Gomes (as Portuguese Translator) | contributor_email5 [email protected] | contributor_username5 =

| contributor_name6 =Sílvio Correia Filho (as Portuguese Translator) | contributor_email6 [email protected] | contributor_username6 =

| contributor_name7 =Tarcizio Vieira Neto (as Portuguese Translator) | contributor_email7 [email protected] | contributor_username7 =

| contributor_name8 =Canedo,Gerardo (as Spanish Translator)

| contributor_name9 =Flores,Mauro (as Spanish Translator)

| contributor_name10 =Hill,Alberto (as Spanish Translator) | contributor_username1 =Alberto Daniel Hill

| contributor_name11 =Martinez,Mateo (as Spanish Translator)

| contributor_name12 =Papaleo,Mauricio (as Spanish Translator)

| contributor_name13 =Soarez,Nicolás (as Spanish Translator)

| contributor_name14 =Targetta, Cecilia (as Spanish Translator)

| release_notes =

| links_url1 = | links_name1 =SCP v2 > English Version > Word file

| links_url2 = | links_name2 =SCP v2 > Brazilian Portuguese Translation > Pdf file

| links_url3 = | links_name3 =SCP v2 > Portugal Portuguese Translation > Pdf file

| links_url4 = | links_name4 =SCP v2 > Korean Translation > Pdf file

| links_url5 = | links_name5 =SCP v2 > Spanish Translation > doc file

| links_url6 = | links_name6 =Secure coding guide assessment feedback disposition

| links_url7 = | links_name7 =Assessment Control/Progress and Links