Proactive Controls Index

Objective

The OWASP Top Ten Proactive Controls 2018 is a list of security techniques that should be included in every software development project. They are ordered by importance, with control number 1 being the most important.

This cheat sheet will help users of the OWASP Top Ten Proactive Controls 2018 identify which cheat sheets map to each proactive control.

C1. Define Security Requirements

Abuse Case Cheat Sheet

Attack Surface Analysis Cheat Sheet

Threat Modeling Cheat Sheet

C2. Leverage Security Frameworks and Libraries

Clickjacking Defense Cheat Sheet

DotNet Security Cheat Sheet (A3 Cross Site Scripting)

PHP Configuration Cheat Sheet

Ruby on Rails Cheat Sheet (Tools)

Ruby on Rails Cheat Sheet (XSS)

Vulnerable Dependency Management Cheat Sheet

C3. Secure Database Access

DotNet Security Cheat Sheet (Data Access)

DotNet Security Cheat Sheet (A1 SQL Injection)

Query Parameterization Cheat Sheet

Ruby on Rails Cheat Sheet (SQL Injection)

SQL Injection Prevention Cheat Sheet

C4. Encode and Escape Data

AJAX Security Cheat Sheet (Client Side)

Cross Site Scripting Prevention Cheat Sheet

DOM based XSS Prevention Cheat Sheet

Injection Prevention Cheat Sheet

Injection Prevention Cheat Sheet in Java

LDAP Injection Prevention Cheat Sheet

C5. Validate All Inputs

Bean Validation Cheat Sheet

Deserialization Cheat Sheet

DotNet Security Cheat Sheet (HTTP Validation and Encoding)

DotNet Security Cheat Sheet (A8 Cross site request forgery)

DotNet Security Cheat Sheet (A10 Unvalidated redirects and forwards)

Input Validation Cheat Sheet

Injection Prevention Cheat Sheet

Injection Prevention Cheat Sheet in Java

Mass Assignment Cheat Sheet

OS Command Injection Defense Cheat Sheet

File Upload Cheat Sheet

REST Security Cheat Sheet (Input Validation)

Ruby on Rails Cheat Sheet (Command Injection)

Ruby on Rails Cheat Sheet (Mass Assignment and Strong Parameters)

Unvalidated Redirects and Forwards Cheat Sheet

XML External Entity Prevention Cheat Sheet

Server Side Request Forgery Prevention Cheat Sheet

C6. Implement Digital Identity

Authentication Cheat Sheet

Choosing and Using Security Questions Cheat Sheet

DotNet Security Cheat Sheet (Forms authentication)

DotNet Security Cheat Sheet (A2 Weak Account management)

Forgot Password Cheat Sheet

JAAS Cheat Sheet

JSON Web Token Cheat Sheet for Java

Password Storage Cheat Sheet

REST Security Cheat Sheet (JWT)

Ruby on Rails Cheat Sheet (Sessions)

Ruby on Rails Cheat Sheet (Authentication)

SAML Security Cheat Sheet

Session Management Cheat Sheet

Multi-Factor Authentication Cheat Sheet

C7. Enforce Access Controls

Access Control Cheat Sheet

Authorization Testing Automation

Credential Stuffing Prevention Cheat Sheet

Cross-Site Request Forgery Prevention Cheat Sheet

DotNet Security Cheat Sheet (A4 Insecure Direct object references)

DotNet Security Cheat Sheet (A7 Missing function level access control)

REST Security Cheat Sheet (Access Control)

Ruby on Rails Cheat Sheet (Insecure Direct Object Reference or Forceful Browsing)

Ruby on Rails Cheat Sheet (CSRF)

Insecure Direct Object Reference Prevention Cheat Sheet

Transaction Authorization Cheat Sheet

Multi-Factor Authentication Cheat Sheet

C8. Protect Data Everywhere

Cryptographic Storage Cheat Sheet

DotNet Security Cheat Sheet (Encryption)

DotNet Security Cheat Sheet (A6 Sensitive data exposure)

Transport Layer Security Cheat Sheet

Key Management Cheat Sheet

HTTP Strict Transport Security Cheat Sheet

Pinning Cheat Sheet

REST Security Cheat Sheet (HTTPS)

Ruby on Rails Cheat Sheet (Encryption)

User Privacy Protection Cheat Sheet

C9. Implement Security Logging and Monitoring

REST Security Cheat Sheet (Audit Logs)

Logging Cheat Sheet

C10. Handle All Errors and Exceptions

REST Security Cheat Sheet (Error Handling)

Error Handling Cheat Sheet