Secure Coding Cheat Sheet
From OWASP
Revision as of 05:53, 7 November 2011 by Jmanico (talk | contribs) (Created page with "= DRAFT CHEAT SHEET - WORK IN PROGRESS = = Authentication= == Password Complexity == == Password Rotation == == Account Lockout and Failed Login == == Password Reset Functions =...")
DRAFT CHEAT SHEET - WORK IN PROGRESS
Authentication
Password Complexity
Password Rotation
Account Lockout and Failed Login
Password Reset Functions
Email Change and Verification Functions
Password Storage
Old Password Hashes
Migration
Session Management
Session ID Length
Session ID Creation
Inactivity Time Out
Secure Flag
HTTP-Only Flag
Logout
Access Control
Presentation Layer
Business Layer
Data Layer
Input Validation
Goal of Input Validation
JavaScript vs Server Side Validation
Positive Approach
Robust Use of Input Validation
Validating Rich User Content
File Upload
Output Encoding
Preventing XSS and Content Security Policy
Preventing SQL Injection
Preventing OS Injection
Preventing XML Injection
Cross Domain Request Forgery
Preventing CSRF
Preventing Malicious Site Framing (ClickJacking)
3rd Party Scripts
Connecting with Twitter, Facebook, etc
Secure Transmission
When To Use SSL/TLS
Don't Allow HTTP Access to Secure Pages
Implement STS
References
OWASP Cheat Sheets Project Homepage