[Owasp_framework_security_project] Security Controls

Michael Coates michael.coates at owasp.org
Wed Jan 15 12:43:30 UTC 2014


Here is the current list of security controls we're evaluating against the
Django framework. The idea is that this list will become standardized and
used against all frameworks. Comments? Anything missing? Any other
resources we should be referencing to build this list?

- Automatic escaping of HTML
- Prepared statements (including ORM)
- x-frame-options
- SECURE Cookie Flag
- HTTPOnly Cookie Flag
- Automatic CSRF protection
- Offsite redirect detection/prevention
- javascript: URIs in links
- Error suppression in production environments
- Mask sensitive data in logs
- Encryption abstractions
- Strict transport security
- Content security policy
- Automatic escaping of JavaScript
- Project documentation clearly mentions the security features and associated risks
- Header Attack validation
- Secure Password

Michael Coates
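Several of the controls in the list above (x-frame-options, the SECURE and HTTPOnly cookie flags, automatic CSRF protection, error suppression in production, strict transport security) are, in Django, a matter of settings and installed middleware rather than application code. The audit below is an added example written for this page; it is not code from the original post, from the OWASP project, or from Django. It reads a plain settings mapping so it runs without Django installed, and it uses the real Django setting names (DEBUG, SESSION_COOKIE_SECURE, CSRF_COOKIE_SECURE, SESSION_COOKIE_HTTPONLY, X_FRAME_OPTIONS, SECURE_HSTS_SECONDS, MIDDLEWARE / MIDDLEWARE_CLASSES). Note that SecurityMiddleware and SECURE_HSTS_SECONDS postdate the 2014 thread (they arrived in Django 1.8), so the HSTS check is an assumption about later releases; the two sample settings dicts are constructed for illustration.

```python
"""Audit a Django settings mapping against a subset of the listed controls.

Added example, not the project's or Django's own code. Setting names are
Django's; the sample settings below are constructed, not taken from a real
project. To run it against a real project, pass vars(your_settings_module).
"""

CSRF_MW = "django.middleware.csrf.CsrfViewMiddleware"
XFO_MW = "django.middleware.clickjacking.XFrameOptionsMiddleware"
SEC_MW = "django.middleware.security.SecurityMiddleware"  # Django >= 1.8 (assumption)


def _middleware(settings):
    # Django >= 1.10 uses MIDDLEWARE; older releases used MIDDLEWARE_CLASSES.
    return tuple(settings.get("MIDDLEWARE") or settings.get("MIDDLEWARE_CLASSES") or ())


def audit_settings(settings):
    """Return a list of (control, finding) tuples for controls not in place.

    An empty list means every control checked here is satisfied."""
    findings = []
    mw = _middleware(settings)

    # Error suppression in production: DEBUG=True renders stack traces and
    # the settings dump to any visitor on an unhandled exception.
    if settings.get("DEBUG", False):
        findings.append(("Error suppression in production", "DEBUG is True"))

    # SECURE cookie flag on both the session and the CSRF cookie.
    if not settings.get("SESSION_COOKIE_SECURE", False):
        findings.append(("SECURE cookie flag", "SESSION_COOKIE_SECURE is not True"))
    if not settings.get("CSRF_COOKIE_SECURE", False):
        findings.append(("SECURE cookie flag", "CSRF_COOKIE_SECURE is not True"))

    # HttpOnly on the session cookie. Django defaults this to True, so only an
    # explicit False is a finding.
    if not settings.get("SESSION_COOKIE_HTTPONLY", True):
        findings.append(("HTTPOnly cookie flag", "SESSION_COOKIE_HTTPONLY is False"))

    # CSRF protection is only "automatic" if the middleware is installed.
    if CSRF_MW not in mw:
        findings.append(("Automatic CSRF protection", "CsrfViewMiddleware not installed"))

    # x-frame-options: middleware installed and a restrictive header value.
    if XFO_MW not in mw:
        findings.append(("x-frame-options", "XFrameOptionsMiddleware not installed"))
    elif settings.get("X_FRAME_OPTIONS", "SAMEORIGIN").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(("x-frame-options", "X_FRAME_OPTIONS is %r" % settings["X_FRAME_OPTIONS"]))

    # Strict transport security: SecurityMiddleware plus a non-zero max-age.
    if SEC_MW not in mw:
        findings.append(("Strict transport security", "SecurityMiddleware not installed"))
    elif int(settings.get("SECURE_HSTS_SECONDS", 0)) <= 0:
        findings.append(("Strict transport security", "SECURE_HSTS_SECONDS is 0"))

    return findings


# Constructed sample: a development-style settings module shipped to production.
WEAK_SETTINGS = {
    "DEBUG": True,
    "MIDDLEWARE": [
        "django.contrib.sessions.middleware.SessionMiddleware",
        "django.middleware.common.CommonMiddleware",
    ],
}

# Constructed sample: the same project with the listed controls switched on.
HARDENED_SETTINGS = {
    "DEBUG": False,
    "MIDDLEWARE": [
        SEC_MW,
        "django.contrib.sessions.middleware.SessionMiddleware",
        "django.middleware.common.CommonMiddleware",
        CSRF_MW,
        XFO_MW,
    ],
    "SESSION_COOKIE_SECURE": True,
    "CSRF_COOKIE_SECURE": True,
    "SESSION_COOKIE_HTTPONLY": True,
    "X_FRAME_OPTIONS": "DENY",
    "SECURE_HSTS_SECONDS": 31536000,
}


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        print("%s settings: %d finding(s)" % (name, len(audit_settings(cfg))))
        for control, finding in audit_settings(cfg):
            print("  [%s] %s" % (control, finding))
```

The check is deliberately conservative: it reports a control as missing whenever the setting or middleware that enforces it is absent, and it does not try to inspect templates or views, so "Automatic escaping of HTML" and the ORM controls from the list are out of its scope.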
