Cheat sheets index from OWASP Proactive Controls point of view #52
Hello, amazing job :), can you add the error handling CS to section 10?
Thank you very much in advance :)
Yes. So far I have added the CS that start with the letters A, B and C. During the next few days I will add the rest of them.
Cool, thank you so much for the help!!!
I finished adding all CS to the proactive controls index.
We also have to decide what to do with CSs that do not fit into the top 10 OPC list.
Amazing job 🥇
I have made some little comments.
Feel free to ping me if you disagree or if you have any questions/comments.
Thanks for all 😃
Kindly check the comments and let's discuss them.
IndexProactiveControls.md
[Cross-Site_Request_Forgery_Prevention_Cheat_Sheet](cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md) - Enforce Access Controls? | ||
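Review bot: the trailing question mark in this row (`- Enforce Access Controls?`) marks the CSRF mapping as tentative; settle it before merge so the published index does not carry an undecided control.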
[Docker Security Cheat Sheet](cheatsheets/Docker_Security_Cheat_Sheet.md) - Leverage Security Frameworks and Libraries? |
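Review bot: this row also ends with `?`, and the discussion in this thread finds no proactive control the Docker cheat sheet maps to; either agree on a mapping or leave the Docker row out of the index until one is found, rather than merging a row with an open question.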
I am neutral on whether this should be added or not. Docker is more about securing the infrastructure, and contains a little bit about securing secrets, not actually related to the application that the user will be accessing. @righettod What do you think about this?
With Docker, the application is often considered as a "docker image", so it can be interesting to reference the docker CS in the adequate section in order to give a hint to the dev team when packaging the app as a "container". What do you think, guys?
I wasn't able to actually map it to any of the mentioned proactive controls.
Docker is probably out of the scope of this; the best place to put it is "Leverage Security Frameworks and Libraries", but Docker is not a security tool.
@ThunderSon thanks for the review. I addressed most of your suggestions and added a comment for the rest of them.
I updated this PR with adding
Ok, I will do it asap :)
@mackowski @ThunderSon PR merged :)
This PR covers issue #21.