OWASP Top Ten Proactive Controls 2024
Document Structure
This document is structured as a list of security controls. The list is ordered by importance with list item number 1 being the most important:
- C1: Implement Access Control
- C2: Use Cryptography the right way
- C3: Validate, Escape, Sanitize or Parameterize Untrusted Data
- C4: Use Secure Architecture Patterns
- C5: Secure By Default Configurations
- C6: Assess and Update your Components
- C7: Implement Digital Identity
- C8: Help the Browser defend its User
- C9: Implement Security Logging and Monitoring
- C10: Stop Server Side Request Forgery
Security Controls
The description of each control has the same structure. Each control has a unique name preceded by its control number, in the form Cx: Control Name, e.g., C1: Implement Access Control.
Each control has the same sections:
- Description: A detailed description of the control including some best practices to consider.
- Threat(s): A threat or threats that this control counters.
- Implementation: Best practices and examples to illustrate how to implement each control.
- Vulnerabilities Prevented: List of the vulnerabilities prevented or risks addressed (OWASP Top 10 risk, CWE, etc.).
- References: List of references for further study (OWASP Cheat Sheet, security hardening guidelines, etc.).
- Tools: Set of tools/projects to easily introduce/integrate security controls into your software.