OWASP Developer Guide

Implementation Do's and Don'ts

12.1 Implementation Do’s and Don’ts

Implementation demands technical knowledge, skill and experience. There is no substitute for experience, but learning from past mistakes and the experience of others can go a long way. This section of the Developer Guide is a collection of Do’s and Don’ts, some of which may be directly relevant to any given project and some of which will be less so. It is worth considering all of these Do’s and Don’ts and picking out the ones that will be of most use.


12.1.1 Container security
12.1.2 Secure coding
12.1.3 Cryptographic practices
12.1.4 Application spoofing
12.1.5 Content Security Policy (CSP)
12.1.6 Exception and error handling
12.1.7 File management
12.1.8 Memory management

The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue.