OWASP Developer Guide

5.1.1 Top 10 Proactive Controls

The OWASP Top 10 Proactive Controls describes the most important controls and control categories that security architects and development teams should consider in web application projects.

What are the Top 10 Proactive Controls?

The OWASP Top 10 Proactive Controls is a list of security techniques that should be considered for web applications. They are listed in order of importance, with control number 1 being the most important:

Why use them?

The Proactive Controls are a well-established list of security controls, first published in 2014 and revised in 2018, so considering these controls can be seen as best practice. Following best practice is always encouraged: at the very least, an organization should avoid the avoidable exploits.

Putting these proactive controls in place can help remediate common security vulnerabilities, for example:

How to apply them

The OWASP Spotlight series provides an overview of how to use this documentation project: ‘Project 8 - Proactive Controls’.

During development of a web application, consider using each security control described in the sections of the Proactive Controls that are relevant to the application.

The OWASP Cheat Sheets have been indexed specifically for each Proactive Control, which can be used as additional information on implementing the control.

