# Application Security Handbook A knowledge base of best practices for application security. Feel free to point out mistakes and write your ideas [here](https://github.com/0xn3va/application-security-handbook/issues/new). ## Overview This project contains a knowledge base of best practices for application security for software developers and application security engineers. Best practices are divided into sections, each of which contains requirements for the implementation of certain functionality. Requirements can be required or advanced, the following labels are used to separate them: * ![base](/files/QJuMWI21M60ZKzo0mFAN) Required requirements. * ![advanced](/files/P0T6i9QsRZT0gGQKpPIC) Advanced requirements. Required requirements represent a necessary minimum that must be taken into account during implementation. Advanced requirements include best practices, the implementation of which is desirable when possible. {% hint style="info" %} Please note that some requirements may have a negative impact on business processes or may not be applicable to an application. In this case, adapt them taking into account local conditions. {% endhint %} ## Why does it exist? There are many resources where you can find the best practices for secure development like [OWASP Cheat Sheet Series](https://cheatsheetseries.owasp.org) or [OWASP Application Security Verification Standard](https://owasp.org/www-project-application-security-verification-standard/). However, all of these resources are more focused on the infosec guys. From the developer's point of view, these resources are too cumbersome and require their processing into understandable development requirements. This project exists precisely to facilitate this work and to provide best practices in the form of requirements that can be directly used in development tasks. ## Credits * [rodespsan](https://github.com/rodespsan) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://0xn3va.gitbook.io/application-security-handbook/introduction.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.