Cheat sheets index from OWASP Proactive Controls point of view

[mackowski]

Thank you for submitting a Pull Request to the Cheat Sheet Series.

Please make sure that for your contribution:

• In case of a new Cheat Sheet, you have used the Cheat Sheet template.
• All the markdown files do not raise any validation policy violation, see policy here.
• All the markdown files follow these format rules.
• All your assets are stored in the assets folder.
• All the images used are in the PNG format.
• Any references to website have been formatted as TEXT
• You verified/tested the effectiveness of your contribution (e.g.: defensive code proposed is really an effective remediation? Please verify it works!).
• The CI build of your PR pass, see the build status here.

This PR covers issue #21.

[righettod]

Hello, amazing job :), can you add the error handling CS to the section 10? Thanks you very much in advance :)

[mackowski]

Yes. So far I added CS that start from letters A, B and C. During next few days I will add rest of them.

[righettod]

Cool, thanks you so much for the help!!!

[mackowski]

I finished adding all CS to proactive controls index.
Please review it!

[mackowski]

We also have to decide what to do with CSs that does not fit to top 10 OPC list.

[righettod]

Amazing job 🥇
I have made some little comments.
Feel free to ping me if you disagree or if you have any questions/comments.
Thanks for all 😃

[ThunderSon]

Kindly check the comments and let's discuss them.

[ThunderSon]

I am neutral if this should be added or not. Docker is more of securing the infrastructure, and contains a little bit of securing secrets, not actually related to the application that the user will be accessing. @righettod What do you think about this?

[righettod]

With Docker, application is often considered as a "docker image" so it can be interesting to reference the docker CS in adequate section in order to give hint to dev team when packaging the app as "container", what do you think guys ?

[ThunderSon]

I wasn't able to actually map it to any of the mentioned proactive controls.

[mackowski]

Docker is probably out of scope of this, the best place to put it is "Leverage Security Frameworks and Libraries" but docker is not a security tool.

[mackowski]

@ThunderSon thanks for review. I addressed most of the yours suggestions and added a comment for rest of them.

[mackowski]

I updated this PR with adding All CSs to the index. I think that it is ready to merge.

[righettod]

Ok i will do it asap :)

[righettod]

@mackowski @ThunderSon PR Merged :)
I add me a issue to add the add Index to README + offline website...