OWASP Top 10 2010 – Cheat Sheet

Here is a two page cheat sheet for the OWASP Top 10 2010.

OWASP Top 10 2010 Cheat Sheet (100 kb PDF)

Print it double-sided to create a single piece of paper and hand it out to all your developers for free – it’s licensed under a Creative Commons Attribution-ShareAlike license. Once I’ve had a bit of feedback and I’ve tweaked it a bit, I’ll donate it to OWASP.

This cheat sheet is an unapologetically developer centric list of things to do right.

I’ve made it as simple as possible by only including things that I personally know will work with the least amount of (re-)work. Therefore, I have purposely left out all the different alternatives. You can (and probably will) have differing views as to how to do it better.

The cheat sheet assumes the reader knows how to program, use a search engine and thus find OWASP. I might have to change these assumptions.

I’d love to hear feedback. Comments or e-mail will work fine.

Comments

4 responses to “OWASP Top 10 2010 – Cheat Sheet”

  1. securityninja

    Hi Andrew,

    I like this approach to helping developers. It is similar to something I have been promoting for a while now called the Principles of Secure Web Development.

    I’d rather focus on the things a developer should do right instead of the things an attacker might do.

    More details on the principles can be found on my website or by listening to a soon to be published OWASP podcast I recorded recently 🙂

    SN

  2. Leto

    Useful, thanks!

  3. AbiusX

    Hi Andrew,
    I think it’s a very useful document, but it lacks operational solutions, i.e. you reference ESAPI modules for prevention only, but if anyone knew ESAPI well enough s/he wouldn’t need a top ten cheat sheet at all!

    Provide some alternate solutions, such as libraries for XSS or Prepared Statements for injections.

    Regards
    AbiusX

  4. […] discovered this very useful, developer-centric cheat sheet for the OWASP Top 10 for 2010 (go directly to the pdf). It's nice and concise and gets straight to the simplest code fixes that […]
