OWASP
Open Worldwide Application Security Project (OWASP) is an independent organisation that publises articles on application security. Many of the articles are recommendations and best practices.
CISSP
A Certified Information Security Professional (CISSP) is a well known independent information security certification.
The CISSP Common Body of Knowlegde (CBK) defines security terms and principles and contains many references to OWASP resources.
OWASP Resources
This blog provides a closer look to these specific OWASP resources. Very useful material for every (web) application developer.
Besides these resources, OWASP offers much more on application security. The cheat sheet series, of which some are listed below, provide security best practices on many topics.
OWASP Top ten
The well known OWASP Top 10 creates security awareness for web developers by listing the most critical risks of web applications.
https://owasp.org/www-project-top-ten/Software Composition Analysis
This is a Slide deck authored in 2019 on mitigating the risks of composing (Open Source) software from multiple sources.
http://wiki.owasp.org/images/b/bd/Software_Composition_Analysis_OWASP_Stammtisch_-_Stanislav_Sivak.pdfAbuse Case Cheat Sheet
This sheet defines what a Abuse Case is and why they are important. It describes how to build a list of abuse cases and how to track them.
https://cheatsheetseries.owasp.org/cheatsheets/Abuse_Case_Cheat_Sheet.htmlInput Validation Cheat Sheet
This sheet provides guidance on Input Validation security.
https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.htmlREST Security Cheat Sheet
A list of best practices on how to use REST is a secure way.
https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.htmlSession Management Cheat Sheet
This sheet describes how to keep sessions secure by explaining these topics:
- The session lifecycle
- Client side defenses
- Session attack detection and:
- Secure session management implementation
- Security features of cookies
- Securing HTML 5 web storage
- Securing Web Workers
SQL Injection Prevention Cheat Sheet
Prevent SQL injection flaws in your applications. Where do flaws occur and how to defending against SQL injection attacks.
https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.htmlSecure Coding Practices checklists
Written in 2010 and stil useful. Technology agnostic with checklists on general software security coding practices.
https://owasp.org/www-pdf-archive/OWASP_SCP_Quick_Reference_Guide_v2.pdfAPI Security Top 10 2023
How to mitigate the risks of an Application Programming Interface (API).
https://owasp.org/www-project-api-security/Software Assurance Maturity Model
A measurable way to improve software security. As with most other software maturity models, this model defines five maturiy stages:
- Governance
- Design
- Implementation
- Verification
- Operations
