[Owasp_framework_security_project] Security Controls
michael.coates at owasp.org
Wed Jan 15 12:43:30 UTC 2014
Here is the current list of security controls we're evaluating against the
Django framework. The idea is that this list will become standardized and
used against all frameworks. Comments? Anything missing? Any other
resources we should be referencing to build this list?

- Automatic escaping of HTML
- Prepared statements (including ORM)
- x-frame-options
- SECURE Cookie Flag
- HTTPOnly Cookie Flag
- Automatic CSRF protection
- Offsite
- in production environments
- Mask sensitive data in logs
- Encryption abstractions
- Strict transport security
- Content security policy
- Automatic
- features and associated risks
- Header Attack validation
- Secure Password