Application Security Handbook


Last updated 1 year ago

A knowledge base of best practices for application security.

Feel free to point out mistakes and share your ideas here.

Overview

This project contains a knowledge base of best practices for application security for software developers and application security engineers.

Best practices are divided into sections, each of which contains requirements for the implementation of certain functionality. Requirements are either required or advanced; the following labels are used to separate them:

  • base: required requirements.

  • advanced: advanced requirements.

Required requirements represent the necessary minimum that must be taken into account during implementation. Advanced requirements are best practices whose implementation is desirable wherever possible.

Please note that some requirements may have a negative impact on business processes or may not be applicable to a given application. In that case, adapt them to local conditions.

Why does it exist?

There are many resources where you can find best practices for secure development, such as the OWASP Cheat Sheet Series or the OWASP Application Security Verification Standard. However, all of these resources are aimed primarily at information security specialists. From a developer's point of view they are too cumbersome and must first be distilled into understandable development requirements. This project exists precisely to facilitate that work and to provide best practices in the form of requirements that can be used directly in development tasks.

Credits

rodespsan