Objective

This cheat sheet helps users of the OWASP Proactive Controls identify which cheat sheets map to each Proactive Controls item. This mapping is based on the OWASP Proactive Controls version 3.0 (2018).

1. Define Security Requirements

Abuse Case Cheat Sheet

Attack Surface Analysis Cheat Sheet

Threat Modeling Cheat Sheet

2. Leverage Security Frameworks and Libraries

C-Based Toolchain Hardening

C-Based Toolchain Hardening Cheat Sheet

Clickjacking Defense Cheat Sheet

DotNet Security Cheat Sheet (A3 Cross Site Scripting)

PHP Configuration Cheat Sheet

Ruby on Rails Cheatsheet (Tools)

Ruby on Rails Cheatsheet (XSS)

Vulnerable Dependency Management Cheat Sheet

3. Secure Database Access

DotNet Security Cheat Sheet (Data Access)

DotNet Security Cheat Sheet (A1 SQL Injection)

Query Parameterization Cheat Sheet

Ruby on Rails Cheatsheet (SQL Injection)

SQL Injection Prevention Cheat Sheet

4. Encode and Escape Data

AJAX Security Cheat Sheet (Client Side)

Cross Site Scripting Prevention Cheat Sheet

DOM based XSS Prevention Cheat Sheet

Injection Prevention Cheat Sheet

Injection Prevention Cheat Sheet in Java

LDAP Injection Prevention Cheat Sheet

5. Validate All Inputs

Bean Validation Cheat Sheet

Deserialization Cheat Sheet

DotNet Security Cheat Sheet (HTTP Validation and Encoding)

DotNet Security Cheat Sheet (A8 Cross site request forgery)

DotNet Security Cheat Sheet (A10 Unvalidated redirects and forwards)

Input Validation Cheat Sheet

Injection Prevention Cheat Sheet

Injection Prevention Cheat Sheet in Java

Mass Assignment Cheat Sheet

OS Command Injection Defense Cheat Sheet

Protect FileUpload Against Malicious File

REST Security Cheat Sheet (Input Validation)

Ruby on Rails Cheatsheet (Command Injection)

Ruby on Rails Cheatsheet (Mass Assignment and Strong Parameters)

Unvalidated Redirects and Forwards Cheat Sheet

XML External Entity Prevention Cheat Sheet

Server Side Request Forgery Prevention Cheat Sheet

6. Implement Digital Identity

Authentication Cheat Sheet

Choosing and Using Security Questions Cheat Sheet

DotNet Security Cheat Sheet (Forms authentication)

DotNet Security Cheat Sheet (A2 Weak Account management)

Forgot Password Cheat Sheet

JAAS Cheat Sheet

JSON Web Token Cheat Sheet for Java

Password Storage Cheat Sheet

REST Security Cheat Sheet (JWT)

Ruby on Rails Cheatsheet (Sessions)

Ruby on Rails Cheatsheet (Authentication)

SAML Security Cheat Sheet

Session Management Cheat Sheet

7. Enforce Access Controls

Access Control Cheat Sheet

Authorization Testing Automation

Credential Stuffing Prevention Cheat Sheet

Cross-Site Request Forgery Prevention Cheat Sheet

DotNet Security Cheat Sheet (A4 Insecure Direct object references)

DotNet Security Cheat Sheet (A7 Missing function level access control)

REST Security Cheat Sheet (Access Control)

Ruby on Rails Cheatsheet (Insecure Direct Object Reference or Forceful Browsing)

Ruby on Rails Cheatsheet (CSRF)

Insecure Direct Object Reference Prevention Cheat Sheet

Transaction Authorization Cheat Sheet

8. Protect Data Everywhere

Cryptographic Storage Cheat Sheet

DotNet Security Cheat Sheet (Encryption)

DotNet Security Cheat Sheet (A6 Sensitive data exposure)

TLS Cipher String Cheat Sheet

Transport Layer Protection Cheat Sheet

Key Management Cheat Sheet

HTTP Strict Transport Security Cheat Sheet

Pinning Cheat Sheet

REST Security Cheat Sheet (HTTPS)

Ruby on Rails Cheatsheet (Encryption)

User Privacy Protection Cheat Sheet

9. Implement Security Logging and Monitoring

REST Security Cheat Sheet (Audit Logs)

Logging Cheat Sheet

10. Handle All Errors and Exceptions

REST Security Cheat Sheet (Error Handling)

Error Handling Cheat Sheet