by markc
2874 days ago
This post is a reasonable start, but has some errors and omissions - and is now out of date since the OWASP Top 10 update. A few suggested improvements:

Update to use OWASP Top 10 2017: https://www.owasp.org/index.php/Top_10-2017_Top_10
Incorporate OWASP Top 10 Proactive Controls: https://www.owasp.org/index.php/OWASP_Proactive_Controls
The XSS section refers only to stored XSS. Describe reflected XSS as well. Describe DOM-based XSS and mitigations.
Provide some examples of Security Misconfiguration.
Provide advice on how to keep software patched for security flaws.
The post says "Use HTTPS if you can". HTTPS is not optional for web security.