Table of contents
- Objective
- 1. Define Security Requirements
- 2. Leverage Security Frameworks and Libraries
- 3. Secure Database Access
- 4. Encode and Escape Data
- 5. Validate All Inputs
- 6. Implement Digital Identity
- 7. Enforce Access Controls
- 8. Protect Data Everywhere
- 9. Implement Security Logging and Monitoring
- 10. Handle All Errors and Exceptions
Objective
This cheatsheet helps users of the OWASP Proactive Controls identify which cheatsheets map to each Proactive Controls item. This mapping is based on the OWASP Proactive Controls version 3.0 (2018).
1. Define Security Requirements
- Attack Surface Analysis Cheat Sheet
2. Leverage Security Frameworks and Libraries
- C-Based Toolchain Hardening Cheat Sheet
- Clickjacking Defense Cheat Sheet
- DotNet Security Cheat Sheet (A3 Cross Site Scripting)
- Ruby on Rails Cheatsheet (Tools)
- Ruby on Rails Cheatsheet (XSS)
- Vulnerable Dependency Management Cheat Sheet
3. Secure Database Access
- DotNet Security Cheat Sheet (Data Access)
- DotNet Security Cheat Sheet (A1 SQL Injection)
- Query Parameterization Cheat Sheet
- Ruby on Rails Cheatsheet (SQL Injection)
- SQL Injection Prevention Cheat Sheet
4. Encode and Escape Data
- AJAX Security Cheat Sheet (Client Side)
- Cross Site Scripting Prevention Cheat Sheet
- DOM based XSS Prevention Cheat Sheet
- Injection Prevention Cheat Sheet
- Injection Prevention Cheat Sheet in Java
- LDAP Injection Prevention Cheat Sheet
5. Validate All Inputs
- DotNet Security Cheat Sheet (HTTP Validation and Encoding)
- DotNet Security Cheat Sheet (A8 Cross site request forgery)
- DotNet Security Cheat Sheet (A10 Unvalidated redirects and forwards)
- Injection Prevention Cheat Sheet
- Injection Prevention Cheat Sheet in Java
- OS Command Injection Defense Cheat Sheet
- Protect FileUpload Against Malicious File
- REST Security Cheat Sheet (Input Validation)
- Ruby on Rails Cheatsheet (Command Injection)
- Ruby on Rails Cheatsheet (Mass Assignment and Strong Parameters)
- Unvalidated Redirects and Forwards Cheat Sheet
- XML External Entity Prevention Cheat Sheet
- Server Side Request Forgery Prevention Cheat Sheet
6. Implement Digital Identity
- Choosing and Using Security Questions Cheat Sheet
- DotNet Security Cheat Sheet (Forms authentication)
- DotNet Security Cheat Sheet (A2 Weak Account management)
- JSON Web Token Cheat Sheet for Java
- REST Security Cheat Sheet (JWT)
- Ruby on Rails Cheatsheet (Sessions)
- Ruby on Rails Cheatsheet (Authentication)
- Session Management Cheat Sheet
7. Enforce Access Controls
- Authorization Testing Automation
- Credential Stuffing Prevention Cheat Sheet
- Cross-Site Request Forgery Prevention Cheat Sheet
- DotNet Security Cheat Sheet (A4 Insecure Direct object references)
- DotNet Security Cheat Sheet (A7 Missing function level access control)
- REST Security Cheat Sheet (Access Control)
- Ruby on Rails Cheatsheet (Insecure Direct Object Reference or Forceful Browsing)
- Ruby on Rails Cheatsheet (CSRF)
- Insecure Direct Object Reference Prevention Cheat Sheet
- Transaction Authorization Cheat Sheet
8. Protect Data Everywhere
- Cryptographic Storage Cheat Sheet
- DotNet Security Cheat Sheet (Encryption)
- DotNet Security Cheat Sheet (A6 Sensitive data exposure)
- Transport Layer Protection Cheat Sheet
- HTTP Strict Transport Security Cheat Sheet
- REST Security Cheat Sheet (HTTPS)
- Ruby on Rails Cheatsheet (Encryption)
- User Privacy Protection Cheat Sheet
9. Implement Security Logging and Monitoring
- REST Security Cheat Sheet (Audit Logs)