Proactive Controls Index
Objective
The OWASP Top Ten Proactive Controls 2018 is a list of security techniques that should be included in every software development project. They are listed in order of importance, with control number 1 being the most important.
This cheat sheet will help users of the OWASP Top Ten Proactive Controls 2018 identify which cheat sheets map to each proactive control.
C1. Define Security Requirements
Attack Surface Analysis Cheat Sheet
C2. Leverage Security Frameworks and Libraries
Clickjacking Defense Cheat Sheet
DotNet Security Cheat Sheet (A3 Cross Site Scripting)
Ruby on Rails Cheat Sheet (Tools)
Ruby on Rails Cheat Sheet (XSS)
Vulnerable Dependency Management Cheat Sheet
C3. Secure Database Access
DotNet Security Cheat Sheet (Data Access)
DotNet Security Cheat Sheet (A1 SQL Injection)
Query Parameterization Cheat Sheet
Ruby on Rails Cheat Sheet (SQL Injection)
SQL Injection Prevention Cheat Sheet
C4. Encode and Escape Data
AJAX Security Cheat Sheet (Client Side)
Cross Site Scripting Prevention Cheat Sheet
DOM based XSS Prevention Cheat Sheet
Injection Prevention Cheat Sheet
Injection Prevention Cheat Sheet in Java
LDAP Injection Prevention Cheat Sheet
C5. Validate All Inputs
DotNet Security Cheat Sheet (HTTP Validation and Encoding)
DotNet Security Cheat Sheet (A8 Cross site request forgery)
DotNet Security Cheat Sheet (A10 Unvalidated redirects and forwards)
Injection Prevention Cheat Sheet
Injection Prevention Cheat Sheet in Java
OS Command Injection Defense Cheat Sheet
REST Security Cheat Sheet (Input Validation)
Ruby on Rails Cheat Sheet (Command Injection)
Ruby on Rails Cheat Sheet (Mass Assignment and Strong Parameters)
Unvalidated Redirects and Forwards Cheat Sheet
XML External Entity Prevention Cheat Sheet
Server Side Request Forgery Prevention Cheat Sheet
C6. Implement Digital Identity
Choosing and Using Security Questions Cheat Sheet
DotNet Security Cheat Sheet (Forms authentication)
DotNet Security Cheat Sheet (A2 Weak Account management)
JSON Web Token Cheat Sheet for Java
REST Security Cheat Sheet (JWT)
Ruby on Rails Cheat Sheet (Sessions)
Ruby on Rails Cheat Sheet (Authentication)
Session Management Cheat Sheet
Multi-Factor Authentication Cheat Sheet
C7. Enforce Access Controls
Authorization Testing Automation
Credential Stuffing Prevention Cheat Sheet
Cross-Site Request Forgery Prevention Cheat Sheet
DotNet Security Cheat Sheet (A4 Insecure Direct object references)
DotNet Security Cheat Sheet (A7 Missing function level access control)
REST Security Cheat Sheet (Access Control)
Ruby on Rails Cheat Sheet (Insecure Direct Object Reference or Forceful Browsing)
Ruby on Rails Cheat Sheet (CSRF)
Insecure Direct Object Reference Prevention Cheat Sheet
Transaction Authorization Cheat Sheet
Multi-Factor Authentication Cheat Sheet
C8. Protect Data Everywhere
Cryptographic Storage Cheat Sheet
DotNet Security Cheat Sheet (Encryption)
DotNet Security Cheat Sheet (A6 Sensitive data exposure)
Transport Layer Security Cheat Sheet
HTTP Strict Transport Security Cheat Sheet
REST Security Cheat Sheet (HTTPS)
Ruby on Rails Cheat Sheet (Encryption)
User Privacy Protection Cheat Sheet
C9. Implement Security Logging and Monitoring
REST Security Cheat Sheet (Audit Logs)