shadowhand/owaspnotes.md

Last active March 5, 2016 19:47

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/shadowhand/89243c396ef559fb12e6.js"></script>
Save shadowhand/89243c396ef559fb12e6 to your computer and use it in GitHub Desktop.

Download ZIP

Raw

owaspnotes.md

OWASP Top 10 Notes

p: login redirect -> credential capture

whitelist allowed

p: components with known vulnerabilities

security checker package

p: cookie passthrough

user interaction, csrf, no sticky login

p: mssing function access control + insecure object references

unavoidable acl

p: data exposure

https everywhere
password storage
(or) store no data at all

p: security misconfiguration

pay an expert
turn off stack traces in production

p: xss

escape everything all the time

p: broken auth, session manage

session use only cookies
session regeneration
password confirmation for critical actions
https + secure cookies + http cookies + csrf + credential entry + session regen

p: injection

filter everything all the time
sql parameters
filter_var

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment