OWASP Secure Coding Practices-Quick Reference Guide
Cornucopia
Version 2.1 of the Secure Coding Practices quick reference guide provides the numbering system used in the Cornucopia project playing cards.
Archived project
The OWASP Secure Coding Practices Quick-reference Guide project has now been archived.
The content of the Secure Coding Practices Quick-reference Guide overview and glossary has been migrated to various sections within the OWASP Developer Guide.
The Secure Coding Practices Quick-reference Guide checklists have also been migrated to the Developer Guide; this provides a wider audience for the original checklist.
Contact Jon Gadsden for any questions about this move.
Archived versions
The latest stable Spanish language version along with the latest English language version are still available on these OWASP project pages.
There is also a work in progress English language version that shows the final work before being migrated to the OWASP Developer Guide.
v2.1 (Cornucopia)
Version of SCP with a numbering system used by the Cornucopia project playing cards.
| Language | DOC | |
|---|---|---|
| English | download | download |
v2.0.1 (current release)
| Language | eBook | |
|---|---|---|
| Brazilian | download | download eBook |
| Chinese | download | download eBook |
| English | download | download eBook |
| Korean | download | download eBook |
| Portuguese | download | download eBook |
| Spanish | download | download eBook |
v2.0
| Language | DOC | |
|---|---|---|
| English | download | download |
| Korean | download | - |
v1.3
| Language | DOC | |
|---|---|---|
| Brazilian | download | - |
| Portuguese | download | - |
v1.1 (last reviewed release)
| Language | DOC | |
|---|---|---|
| English | download | download |
v1
| Language | DOC | |
|---|---|---|
| Chinese | download | - |
| English | download | download |
| Spanish | - | download |
other downloads
- Project Pamphlet
- Project Presentation
- Slide deck- Presented by Keith Turpin on OWASP AppSec USA 2010
- Archive XLS Feedback Spreadsheet
If you contribute to this Project, please add your name here.
Project Leaders
- Keith Turpin
- Jon Gadsden
Contributors
- Andrew Petukhov
- Anurag Agarwal
- Brad Causey
- Caleb McGary
- Catherine Spencer
- Dan Kranz
- Jason Coleman
- Jim Manico
- Ludovic Petit
- Michael V. Scovetta
- Walt Pietrowski
Translations
Portuguese (PT & BR)
- Tarcizio Vieira Neto
- Alexandre Pupo
- Carlos Serrão
- Jorge Olimpia
- Leandro Gomes
- Paulo Silva
- Rogério Vicente
- Sílvio Correia Filho
Korean
- OWASP Korea chapter
Spanish
- Gerardo Canedo
- Mauro Flores
- Alberto Hill
- Mateo Martinez
- Mauricio Papaleo
- Nicolás Soarez
- Cecilia Targetta
Chinese
- Henghui Lin
- Jie Wang
- Yongliang He
Persian (Farsi)
- Ashkan Rafiee
This is the archive of the original SCP web page
Welcome to the Secure Coding Practices Quick Reference Guide Project
The Secure Coding Practices Quick Reference Guide is a technology agnostic set of general software security coding practices, in a comprehensive checklist format, that can be integrated into the development lifecycle. At only 17 pages long, it is easy to read and digest.
The focus is on secure coding requirements, rather then on vulnerabilities and exploits. It includes an introduction to Software Security Principles and a glossary of key terms.
It is designed to serve as a secure coding kick-start tool and easy reference, to help development teams quickly understand secure coding practices.
Sections of the Guide:
- Table of contents
- Introduction
- Software Security Principles Overview
- Secure Coding Practices Checklist
- Links to useful resources
- Glossary of important terminology
Download the current v2 (Stable) release:
Translations:
- Brazilian Portuguese Translation PDF
- Portugal Portuguese Translation PDF
- Korean Translation PDF
- Spanish Translation doc
- Chinese Translation PDF
Related Presentations: This slide deck incorporates many concepts from the Quick reference guide, but also utilizes other OWASP resources. Web Application Development Dos and Donts - Presentation from the Royal Bank of Scotland
Related Projects: Go programming language secure coding practices guide, based on the OWASP Secure Coding Practices
Project Feedback and Disposition History
Feedback and Participation:
I hope you find the OWASP Secure Coding Practices Quick Reference Guide Project useful. Please contribute to the Project by sending your comments, questions, and suggestions to [email protected].
Project mailing list and archives: subscription page.
Project Contributors:
If you contribute to this Project, please add your name here Project Lead:
- Keith Turpin
Contributors: * Dan Kranz
- Walt Pietrowski
- Catherine Spencer
- Caleb McGary
- Brad Causey
- Ludovic Petit
- Michael V. Scovetta
- Jim Manico
- Jason Coleman
- Anurag Agarwal
- Andrew Petukhov
Translation Contributors
Portuguese Translation * Tarcizio Vieira Neto
Korean Translation * OWASP Korea chapter Spanish Translation * Canedo,Gerardo
- Flores,Mauro
- Hill,Alberto
- Martinez,Mateo
- Papaleo,Mauricio
- Soarez,Nicolás
- Targetta, Cecilia
Chinese Translation * Jie Wang
- Yongliang He
- Henghui Lin
Project About
NOTOC
Secure Coding Practices - Quick Reference Guide Category:OWASP_Document Category:OWASP Best Practices Category:OWASP_Download OWASP Release Quality Document Category:SAMM-SR-1
Classification
- Incubator Project
- Documentation
Audience
- Builder
License
CC BY-SA 4.0
Code Repository
Downloads
Related Projects
Editors
- Gerardo Canedo (español)
- Paulo Silva (português)
- Jon Gadsden (English)