www-project-proactive-controls/tab_news.md at master · OWASP/www-project-proactive-controls
How to prevent security logging and monitoring failures?

A02:2021-Cryptographic Failures

Security Logging and Monitoring Failures (A09: .

Manage Business and Software Risk

The session identifier should not be in the URL, should be securely stored, and should be invalidated after logout, idle, and absolute timeouts. Implement weak password checks, such as testing new or changed passwords against the top 10,000 worst passwords list.

This ebook shows best practices and prevention techniques for keeping vulnerabilities away and securing your web apps.

For example, an application that relies on plugins, libraries, or modules from unverified and untrusted sources, repositories, or content delivery networks (CDNs) may be exposed to such a type of failure.

While the current OWASP Proactive Controls do not match up perfectly with the OWASP Top Ten for 2021, they do a fair job of advising on controls to add to your applications to mitigate…
