Wiki

User Tools

Site Tools

Trace:
owasp:owasp_top_ten_cheat_sheet

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
owasp:owasp_top_ten_cheat_sheet [2016/10/11 14:17] peterowasp:owasp_top_ten_cheat_sheet [2019/12/01 11:42] (current) – removed peter
Line 1: Line 1:
-====== OWASP - OWASP Top Ten Cheat Sheet ====== 
- 
- 
-^ Issue      ^ Presentation ^ Solution          ^ Comments ^ 
-| Injection    | Render | Set a correct content type. | All SQL Injection is due to dynamic SQL queries. Strongly consider prohibiting dynamic SQL queries. | 
-| :::    | :::                        | Set safe character set (UTF-8). | Canonicalize using correct character set. | 
-| :::    | :::                        | Set correct locale. |  | 
-| :::    | On Submit:                 | Enforce input field type and lengths. | Positive input validation using correct character set. | 
-| :::    | :::                        | Validate fields and provide feedback. | Use Parameterized queries and Stored Procedures. | 
-| :::    | :::                        | Ensure option selects and radio contain only sent values. | ::: | 
-| Weak authentication and session management  | Render | Validate user is authenticated. | | 
-| :::    | :::                        | Validate role is sufficient for this view. | Validate role is sufficient to create, read, update, or delete data. | 
-| ::: | ::: | ::: | Consider the use of a "governor" to regulate the maximum number of requests per second / minute / hour that this user may perform. | 
-| :::    | :::                        | Set "secure" and "HttpOnly" flags for session cookies. |  | 
-| :::    | :::                        | Send CSRF token with forms. | | 
-| XSS | Render | Set correct content type. | | 
-| ::: | ::: | Set safe character set (UTF-8). | Canonicalize using correct character set. | 
-| ::: | ::: | Set correct locale. | | 
-| ::: | ::: | Output encode all user data as per output context. | | 
-| ::: | ::: | Set input constraints. | Positive input validation using correct character set. | 
-| ::: | ::: | ::: | Only process data that is 100% trustworthy. Everything else is hostile and should be rejected. | 
-| ::: | ::: | ::: | Do not store data HTML-encoded in the database. This prevents new uses for the data. | 
-| Insecure Direct Object References | If data is from internal trusted sources, no data is sent. | Obtain data from internal, trusted sources. | | 
-| ::: | Render | Send indirect random access reference map value. | Obtain direct value from random access reference access map. | 
-| ::: | ::: | ::: | Validate role is sufficient to create, read, update, or delete data. | 
-| Security Misconfiguration | Ensure web servers and application servers are hardened. | Ensure web servers and application servers are hardened. | Ensure database servers are hardened. | 
  
owasp/owasp_top_ten_cheat_sheet.1476195422.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki