- Objective
- Not addressed topic
- 1. Define Security Requirements
- 2. Leverage Security Frameworks and Libraries
- 3. Secure Database Access
- 4. Encode and Escape Data
- 5. Validate All Inputs
- 6. Implement Digital Identity
- 7. Enforce Access Controls
- 8. Protect Data Everywhere
- 9. Implement Security Logging and Monitoring
- 10. Handle All Errors and Exceptions
This CheatSheet (CS) will serve an OWASP Proactive Controls user to clearly identify which cheat sheets are useful for each section during their usage of the OWASP Proactive Controls.
This index is based on the version 2018 V3.0 of the OWASP Proactive Controls.
Do not hesitate to open an issue if you need that a dedicated cheat sheet be created to provide information about the target Proactive Controls section.
Attack Surface Analysis Cheat Sheet
C-Based Toolchain Hardening Cheat Sheet
Clickjacking Defense Cheat Sheet
DotNet Security Cheat Sheet (A3 Cross Site Scripting)
Ruby on Rails Cheatsheet (Tools)
Ruby on Rails Cheatsheet (XSS)
DotNet Security Cheat Sheet (Data Access)
DotNet Security Cheat Sheet (A1 SQL Injection)
Query Parameterization Cheat Sheet
Ruby on Rails Cheatsheet (SQL Injection)
SQL Injection Prevention Cheat Sheet
AJAX Security Cheat Sheet (Client Side)
Cross Site Scripting Prevention Cheat Sheet
DOM based XSS Prevention Cheat Sheet
Injection Prevention Cheat Sheet
Injection Prevention Cheat Sheet in Java
LDAP Injection Prevention Cheat Sheet
DotNet Security Cheat Sheet (HTTP Validation and Encoding)
DotNet Security Cheat Sheet (A8 Cross site request forgery)
DotNet Security Cheat Sheet (A10 Unvalidated redirects and forwards)
Injection Prevention Cheat Sheet
Injection Prevention Cheat Sheet in Java
OS Command Injection Defense Cheat Sheet
Protect FileUpload Against Malicious File
REST Security Cheat Sheet (Input Validation)
Ruby on Rails Cheatsheet (Command Injection)
Ruby on Rails Cheatsheet (Mass Assignment and Strong Parameters)
Unvalidated Redirects and Forwards Cheat Sheet
XML External Entity Prevention Cheat Sheet
Choosing and Using Security Questions Cheat Sheet
DotNet Security Cheat Sheet (Forms authentication)
DotNet Security Cheat Sheet (A2 Weak Account management)
JSON Web Token Cheat Sheet for Java
REST Security Cheat Sheet (JWT)
Ruby on Rails Cheatsheet (Sessions)
Ruby on Rails Cheatsheet (Authentication)
Session Management Cheat Sheet
Authorization Testing Automation
Credential Stuffing Prevention Cheat Sheet
Cross-Site_Request_Forgery_Prevention_Cheat_Sheet
DotNet Security Cheat Sheet (A4 Insecure Direct object references)
DotNet Security Cheat Sheet (A7 Missing function level access control)
REST Security Cheat Sheet (Access Control)
Ruby on Rails Cheatsheet (Insecure Direct Object Reference or Forceful Browsing)
Ruby on Rails Cheatsheet (CSRF)
Insecure Direct Object Reference Prevention Cheat Sheet
Transaction Authorization Cheat Sheet
Cryptographic Storage Cheat Sheet
DotNet Security Cheat Sheet (Encryption)
DotNet Security Cheat Sheet (A6 Sensitive data exposure)
Transport Layer Protection Cheat Sheet
HTTP Strict Transport Security Cheat Sheet
REST Security Cheat Sheet (HTTPS)
Ruby on Rails Cheatsheet (Encryption)
User Privacy Protection Cheat Sheet
REST Security Cheat Sheet (Audit Logs)