OWASP Top Ten 2021: Related Cheat Sheets
The OWASP Top Ten is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
This cheat sheet will help users of the OWASP Top Ten identify which cheat sheets map to each security category. This mapping is based on the OWASP Top Ten 2021 version.
A01:2021 – Broken Access Control
- Authorization Cheat Sheet
- Insecure Direct Object Reference Prevention Cheat Sheet
- Transaction Authorization Cheat Sheet
- Cross-Site Request Forgery Prevention Cheat Sheet
A02:2021 – Cryptographic Failures
- Cryptographic Storage Cheat Sheet
- Transport Layer Security Cheat Sheet
- HTTP Strict Transport Security Cheat Sheet
- Secrets Management Cheat Sheet
- Key Management Cheat Sheet
- Pinning Cheat Sheet
A03:2021 – Injection
- Injection Prevention Cheat Sheet
- LDAP Injection Prevention Cheat Sheet
- OS Command Injection Defense Cheat Sheet
- Injection Prevention in Java Cheat Sheet
- SQL Injection Prevention Cheat Sheet
- Query Parameterization Cheat Sheet
- Cross Site Scripting Prevention Cheat Sheet
- DOM based XSS Prevention Cheat Sheet
- XSS Filter Evasion Cheat Sheet
- Content Security Policy Cheat Sheet
A04:2021 – Insecure Design
A05:2021 – Security Misconfiguration
- Infrastructure as Code Security Cheat Sheet
- XML External Entity Prevention Cheat Sheet
- PHP Configuration Cheat Sheet
- Docker Security Cheat Sheet
A06:2021 – Vulnerable and Outdated Components
- Vulnerable Dependency Management Cheat Sheet
- Third Party JavaScript Management Cheat Sheet
- npm Security best practices
A07:2021 – Identification and Authentication Failures
- Authentication Cheat Sheet
- Session Management Cheat Sheet
- Forgot Password Cheat Sheet
- Choosing and Using Security Questions Cheat Sheet
- Credential Stuffing Prevention Cheat Sheet
- Denial of Service Cheat Sheet
- JSON Web Token for Java Cheat Sheet
- Multifactor Authentication Cheat Sheet
- Password Storage Cheat Sheet
- SAML Security Cheat Sheet