Top 10 Proactive Controls
5.1.1 Top 10 Proactive Controls
The OWASP Top Ten Proactive Controls describes the most important controls and control categories that security architects and development teams should consider in web application projects. The Proactive Controls project is an OWASP Lab documentation project and the PDF can be downloaded for various languages.
What are the Top 10 Proactive Controls?
The OWASP Top Ten Proactive Controls 2018 is a list of security techniques that should be considered for web applications. They are ordered by order of importance, with control number 1 being the most important:
- C1: Define Security Requirements
- C2: Leverage Security Frameworks and Libraries
- C3: Secure Database Access
- C4: Encode and Escape Data
- C5: Validate All Inputs
- C6: Implement Digital Identity
- C7: Enforce Access Controls
- C8: Protect Data Everywhere
- C9: Implement Security Logging and Monitoring
- C10: Handle all Errors and Exceptions
Why use them?
The Proactive Controls are a well established list of security controls, first published in 2014 so considering these controls can be seen as best practice.
How to apply them
The OWASP Spotlight series provides an overview of how to use this documentation project: ‘Project 8 - Proactive Controls’.
During development of a web application, consider using each security control described in the sections of the Proactive Controls that are relevant to the application.
The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.
\newpage