cheatsheetseries.owasp.org
XML External Entity Prevention Cheat Sheet, Introduction: An XML eXternal Entity injection (XXE), which is now part of the OWASP Top 10 via the point A4, is an attack against applications that parse XML input. This issue is referenced as ID 611 in the Common Weakness Enumeration (CWE) reference. A
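The attack the snippet names, shown as an added example that is not code from the cheat sheet: the same XXE payload is parsed twice with Python's standard-library xml.sax, once with external general entities enabled (the classic file-read) and once with them disabled, which is the setting an XXE-safe parser leaves off. The secret file, its path and the payload are constructed inline for the demo; the cheat sheet's own Python guidance points at defusedxml, and the stdlib parser is used here only so the block runs without third-party packages.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Gathers character data so we can see whether an external entity was expanded."""

    def __init__(self):
        super().__init__()
        self._parts = []

    def characters(self, content):
        self._parts.append(content)

    def text(self) -> str:
        return "".join(self._parts).strip()


def parse_untrusted_xml(data: bytes, resolve_external_entities: bool) -> str:
    """Parse XML with xml.sax and return the collected text content."""
    parser = xml.sax.make_parser()
    # feature_external_ges controls external general entities (<!ENTITY x SYSTEM "...">).
    # True reproduces the XXE file read; False is the hardened setting for untrusted input.
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(data))
    return handler.text()


def demo() -> dict:
    """Constructed scenario (not from the page): a secret file on disk and a payload that reads it."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write("s3cr3t-from-disk")
        secret_path = fh.name
    try:
        # Assumed attacker input: an internal DTD subset declaring an external entity
        # whose SYSTEM identifier is a local file path, referenced from element content.
        payload = (
            '<?xml version="1.0"?>\n'
            f'<!DOCTYPE doc [<!ENTITY xxe SYSTEM "{secret_path}">]>\n'
            "<doc>&xxe;</doc>"
        ).encode("utf-8")
        return {
            "vulnerable": parse_untrusted_xml(payload, resolve_external_entities=True),
            "hardened": parse_untrusted_xml(payload, resolve_external_entities=False),
        }
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    print(demo())
```

With entity resolution on, the file's contents come back as the document's text; with it off, the reference is simply not expanded and the text is empty. The check to carry into a code review is whether the parser in use exposes an equivalent switch and whether it is off by default for the interpreter version you ship.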
SAML Security Cheat Sheet, Introduction: The Security Assertion Markup Language (SAML) is an open standard for exchanging authorization and authentication information. The Web Browser SAML/SSO Profile with Redirect/POST bindings is one of the most common SSO implementations. This cheat sheet will focus primarily on that profile. Validate Message Confidentiality and Integrity: TLS 1.2 is the most com
GraphQL Cheat Sheet, Introduction: GraphQL is an open source query language originally developed by Facebook that can be used to build APIs as an alternative to REST and SOAP. It has gained popularity since its inception in 2012 because of the native flexibility it offers to those building and calling the API. There are GraphQL servers and clients implemented in various languages. Many companies u
Docker Security Cheat Sheet, Introduction: Docker is the most popular containerization technology. When used correctly, it can enhance security compared to running applications directly on the host system. However, certain misconfigurations can reduce security levels or introduce new vulnerabilities. The aim of this cheat sheet is to provide a straightforward list of common security errors and bes
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. These cheat sheets were created by various application security professionals who have expertise in specific topics. We hope that this project provides you with excellent security guidance in an easy to read format. You can download this site here. An ATOM fee
JSON Web Token Cheat Sheet for Java, Introduction: Many applications use JSON Web Tokens (JWT) to allow the client to indicate its identity for further exchange after authentication. From JWT.IO: JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way f
LDAP Injection Prevention Cheat Sheet, Introduction: This cheat sheet is focused on providing clear, simple, actionable guidance for preventing LDAP Injection flaws in your applications. LDAP Injection is an attack used to exploit web-based applications that construct LDAP statements based on us
TLS Cipher String Cheat Sheet, Introduction: The Mozilla Foundation provides an easy-to-use secure configuration generator for web, database, and mail software. This online (and regularly updated) tool allows site administrators to select the software they are using and receive a configuration file that is both safe and compatible for a wide variety of browser versions and server software. For more in
Password Storage Cheat Sheet, Introduction: This cheat sheet advises you on the proper methods for storing passwords for authentication. When passwords are stored, they must be protected from an attacker even if the application or database is compromised. Fortunately, a majority of modern languages and frameworks provide built-in functionality to help store passwords safely. However, once an attac
Authentication Cheat Sheet, Introduction: Authentication is the process of verifying that an individual, entity, or website is who/what it claims to be. Authentication in the context of web applications is commonly performed by submitting a username or ID and one or more items of private information that only a given user should know. Session Management is a process by which a server maintains the
REST Security Cheat Sheet, Introduction: REST (or REpresentational State Transfer) is an architectural style first described in Roy Fielding's Ph.D. dissertation on Architectural Styles and the Design of Network-based Software Architectures. It evolved as Fielding wrote the HTTP/1.1 and URI specs and has been proven to be well-suited for developing distributed hypermedia applications. While REST i
Ruby on Rails Cheat Sheet, Introduction: This cheat sheet intends to provide quick basic Ruby on Rails security tips for developers. It complements, augments or emphasizes points brought up in the Rails security guide from Rails core. The Rails framework abstracts developers from quite a bit of tedious work and provides the means to accomplish complex tasks quickly and with ease. New developers, th
HTTP Strict Transport Security Cheat Sheet, Introduction: HTTP Strict Transport Security (also known as HSTS) is an opt-in security enhancement that is specified by a web application through the use of a special response header. Once a supported browser receives this header, that browser will preve
PHP Configuration Cheat Sheet, Introduction: This page is meant to help those configuring PHP and the web server it is running on to be very secure. Below you will find information on the proper settings for the php.ini file and instructions on configuring Apache, Nginx, and Caddy web servers. For general PHP codebase security please refer to the two following great guides: Paragonie's 2018 PHP Se
XSS Filter Evasion Cheat Sheet, Introduction: This article is a guide to Cross Site Scripting (XSS) testing for application security professionals. This cheat sheet was originally based on RSnake's seminal XSS Cheat Sheet previously at: http://ha.ckers.org/xss.html. Now, the OWASP Cheat Sheet Series provides users with an updated and maintained version of the document. The very first OWASP Cheat S
HTML5 Security Cheat Sheet, Introduction: The following cheat sheet serves as a guide for implementing HTML5 in a secure fashion. Communication APIs, Web Messaging: Web Messaging (also known as Cross Domain Messaging) provides a means of messaging between documents from different origins in a way that is generally safer than the multiple hacks used in the past to accomplish this task. However, th
Session Management Cheat Sheet, Introduction: Web Authentication, Session Management, and Access Control: A web session is a sequence of network HTTP request and response transactions associated with the same user. Modern and complex web applications require the retaining of information or status about each user for the duration of multiple requests. Therefore, sessions provide the ability to esta
DOM based XSS Prevention Cheat Sheet, Introduction: When looking at XSS (Cross-Site Scripting), there are three generally recognized forms of XSS: Reflected, Stored, and DOM Based XSS. The XSS Prevention Cheat Sheet does an excellent job of addressing Reflected and Stored XSS. This cheat sheet addre
Cross-Site Request Forgery Prevention Cheat Sheet, Introduction: A Cross-Site Request Forgery (CSRF) attack occurs when a malicious web site, email, blog, instant message, or program tricks an authenticated user's web browser into performing an unwanted action on a trusted site. If a target use
DEPRECATED: Transport Layer Protection Cheat Sheet: The Transport Layer Protection Cheat Sheet has been deprecated. Please visit the Transport Layer Security Cheat Sheet instead.
SQL Injection Prevention Cheat Sheet, Introduction: This cheat sheet will help you prevent SQL injection flaws in your applications. It will define what SQL injection is, explain where those flaws occur, and provide four options for defending against SQL injection attacks. SQL Injection attacks
Cross Site Scripting Prevention Cheat Sheet, Introduction: This cheat sheet helps developers prevent XSS vulnerabilities. Cross-Site Scripting (XSS) is a misnomer. Originally this term was derived from early versions of the attack that were primarily focused on stealing data cross-site. Since t