[Owasp_snakes_and_ladders] Web Applications - Proactive Controls 2016

Colin Watson colin.watson at owasp.org
Tue May 17 08:03:28 UTC 2016


The OWASP Proactive Controls Top 10 were updated in January 2016:

https://www.owasp.org/index.php/OWASP_Proactive_Controls

Previous 2014
-------------------------------
2014-C1 Parameterize Queries
2014-C2 Encode Data
2014-C3 Validate All Inputs
2014-C4 Implement Appropriate Access Controls
2014-C5 Establish Identity and Authentication Controls
2014-C6 Protect Data and Privacy
2014-C7 Implement Logging, Error Handling and Intrusion Detection
2014-C8 Leverage Security Features of Frameworks and Security Libraries
2014-C9 Include Security-Specific Requirements
2014-C10 Design and Architect Security In

Changes
-------------------------------
2014-C1 becomes C2
2014-C2 becomes C3
2014-C3 becomes C4
2014-C4 becomes C6
2014-C5 number is same but has changed name slightly ("Establish" -> "Implement")
2014-C6 becomes C7 and has been shortened (deleting "and Privacy")
2014-C7 becomes C8 and has been shortened (deleting ", Error Detection")
2014-C8 becomes C9 and has been reworded
Concepts from 2014-C9 and 2014-C10 have been included in the new C1 and C10

Current 2016
-------------------------------
C1 Verify for Security Early and Often
C2 Parameterize Queries
C3 Encode Data
C4 Validate All Inputs
C5 Implement Identity and Authentication Controls
C6 Implement Appropriate Access Controls
C7 Protect Data
C8 Implement Logging and Intrusion Detection
C9 Leverage Security Frameworks and Libraries
C10 Error and Exception Handling

We will update Snakes & Ladders - Web Applications, but request help
for the translations into the other languages.

There is a new XLS file uploaded to Crowdin with the updated 2016
Proactive Controls in it, together with unaltered text.

https://crowdin.com/project/owasp-snakes-and-ladders/settings#files

I have also attached the file to this email. The requested
translations are highlighted in orange.

Best regards

Colin and Katy

OWASP Snakes & Ladders project leaders
https://www.owasp.org/index.php/OWASP_Snakes_and_Ladders
-------------- next part --------------
A non-text attachment was scrubbed...
Name: owasp-snakes-and-ladders-text-proactive2016.xlsx
Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Size: 26720 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp_snakes_and_ladders/attachments/20160517/3a856811/attachment-0001.xlsx>

