OWASP Developer Guide

5.4 Implementation Do’s and Don’ts

Implementation demands technical knowledge, skill and experience. There is no substitute for experience, but learning from past mistakes and the experience of others can go a long way. This section of the Developer Guide is a collection of Do’s and Don’ts, some of which may be directly relevant to any given project and some of which will be less so. It is worth considering all of these Do’s and Don’ts and picking out the ones that will be of most use.


6.1 Container security
6.2 Secure coding
6.3 Cryptographic practices
6.4 Application spoofing
6.5 Content Security Policy (CSP)
6.6 Exception and error handling
6.7 File management
6.8 Memory management

The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.