OWASP Top 10 Proactive Controls presented at LASCON 2014

by Jim Manico

Summary: Software developers are the foundation of any application. To achieve secure software, developers must be supported and helped by the organization they author code for. As software developers author the code that makes up a web application, they need to embrace and practice a wide variety of secure coding techniques. All tiers of a web application (the user interface, the business logic, the controller, the database code and more) need to be developed with security in mind.

The OWASP Top Ten Proactive Controls is a list of security techniques that should be included in every software development project. The controls are listed in order of importance, with control number 1 being the most important. This document was written by developers for developers to assist those new to secure development.
• 1: Parameterize Queries
• 2: Encode Data
• 3: Validate All Inputs
• 4: Implement Appropriate Access Controls
• 5: Establish Identity and Authentication Controls
• 6: Protect Data and Privacy
• 7: Implement Logging, Error Handling and Intrusion Detection
• 8: Leverage Security Features of Frameworks and Security Libraries
• 9: Include Security-Specific Requirements
• 10: Design and Architect Security In