Version 2.0 of the document "OWASP Secure Coding Practices - Quick Reference Guide (SCP)" has been published.
This technology agnostic document defines a set of general software security coding practices, in a checklist format, that can be integrated into the software development lifecycle. Implementation of these practices will mitigate most common software vulnerabilities.
Table of Contents
Introduction
Software Security and Risk Principles Overview
Secure Coding Practices Checklist
Input Validation
Output Encoding
Authentication and Password Management
Session Management
Access Control
Cryptographic Practices
Error Handling and Logging
Data Protection
Communication Security
System Configuration
Database Security
File Management
Memory Management
General Coding Practices
Appendix A: External References
Appendix B: Glossary
Download (PDF, EN)
Keith Turpin: The Secure Coding Practices Quick Reference Guide from AppSec USA 2010 on Vimeo.