
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Results 89 CheatSheetSeries issues

I think this PR could still use a lot of work, especially to be made a bit more succinct. Unfortunately, my middle name is "TL;DR", so I'm not the best...

## What is missing or needs to be updated? The current XSS Prevention Cheat Sheet is great at describing what developers _should_ do to prevent XSS vulnerabilities and that definitely...

ACK_OBTAINED
UPDATE_CS

## What is missing or needs to be updated? In the "User Interaction-Based CSRF Defense" section it is stated that CAPTCHA is one way to protect against CSRF and that...

ACK_OBTAINED
UPDATE_CS

## What is missing or needs to be updated? - Requires updates to account for current best practices - https://github.com/OWASP/CheatSheetSeries/issues/1114 ## How should this be resolved? - I propose changing...

ACK_OBTAINED
UPDATE_CS

## What is missing or needs to be updated? - No mention of [OWASP Top 10 Privacy Risks & Countermeasures 2.0](https://owasp.org/www-project-top-10-privacy-risks/OWASP_Top_10_Privacy_Risks_Countermeasures_v2.0.pdf) ## How should this be resolved? - Add background...

ACK_OBTAINED
UPDATE_CS

## What is missing or needs to be updated? Chapter "A01 Broken Access Control" > The following requirement is included in Chapter A01: > "Reduce the time period a session...

ACK_OBTAINED
UPDATE_CS
HELP_WANTED

## What is missing or needs to be updated? A couple of suggestions for the Credential Stuffing cheat sheet: 1. MFA section should link to MFA cheat sheet (reciprocating the...

ACK_OBTAINED
UPDATE_CS

Introduction ## What is missing or needs to be updated? LINQtoLDAP: this project seems to be outdated. It targets .NET Standard 2.0 and 3.5, which are outdated too. ## How should...

ACK_OBTAINED
UPDATE_CS
HELP_WANTED

## What is missing or needs to be updated? For CSRF mitigations, should a section be included to suggest for modern APIs that don't use forms, that the API denies...

ACK_WAITING
UPDATE_CS
HELP_WANTED

## What is missing or needs to be updated? Discussion of secrets management in a multi-cloud environment. ## How should this be resolved? Investigation and discussion of issues. I am...

ACK_OBTAINED
UPDATE_CS
HELP_WANTED