diff --git a/docs/archive/2018/0x01-about-owasp.md b/docs/archive/2018/0x01-about-owasp.md index 1e749dd..79964ab 100644 --- a/docs/archive/2018/0x01-about-owasp.md +++ b/docs/archive/2018/0x01-about-owasp.md @@ -1,5 +1,9 @@ # About OWASP +!!! warning "New Version Available!" + + You are looking at the legacy 2018 version of the OWASP Top 10 Proactive Controls. The current version is the [OWASP Top 10 Proactive Controls 2024](./../2024/introduction/about-owasp.md)! + The *Open Web Application Security Project* (OWASP) is a 501c3 non for profit educational charity dedicated to enabling organizations to design, develop, acquire, operate, and maintain secure software. All OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We can be found at [www.owasp.org](https://www.owasp.org). OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost effective information about application security. diff --git a/docs/archive/2018/0x02-about-project.md b/docs/archive/2018/0x02-about-project.md index 1cc8164..3496be8 100644 --- a/docs/archive/2018/0x02-about-project.md +++ b/docs/archive/2018/0x02-about-project.md @@ -1,5 +1,9 @@ # About this Project +!!! warning "New Version Available!" + + You are looking at the legacy 2018 version of the OWASP Top 10 Proactive Controls. The current version is the [OWASP Top 10 Proactive Controls 2024](./../2024/index.md)! + Insecure software is undermining our financial, healthcare, defense, energy, and other critical infrastructure worldwide. As our digital, global infrastructure gets increasingly complex and interconnected, the difficulty of achieving application security increases exponentially. We can no longer afford to tolerate relatively simple security problems. ## Aim & Objective diff --git a/docs/archive/2018/0x03-about-structure.md b/docs/archive/2018/0x03-about-structure.md index edb8a6b..5fe9bfc 100644 --- a/docs/archive/2018/0x03-about-structure.md +++ b/docs/archive/2018/0x03-about-structure.md @@ -1,5 +1,9 @@ # Document Structure +!!! warning "New Version Available!" + + You are looking at the legacy 2018 version of the OWASP Top 10 Proactive Controls. The current version is the [OWASP Top 10 Proactive Controls 2024](./../2024/index.md)! + This document is structured as a list of security controls. Each control is described as follows: ## Cx: Control Name diff --git a/docs/archive/2018/0x04-introduction.md b/docs/archive/2018/0x04-introduction.md index ce3eb02..8ec6107 100644 --- a/docs/archive/2018/0x04-introduction.md +++ b/docs/archive/2018/0x04-introduction.md @@ -1,5 +1,9 @@ # Introduction +!!! warning "New Version Available!" + + You are looking at the legacy 2018 version of the OWASP Top 10 Proactive Controls. The current version is the [OWASP Top 10 Proactive Controls 2024](./../2024/the-top-10/index.md)! + The OWASP Top Ten Proactive Controls 2018 is a list of security techniques that should be considered for every software development project. This document is written for developers to assist those new to secure development. One of the main goals of this document is to provide concrete practical guidance that helps developers build secure software. These techniques should be applied proactively at the early stages of software development to ensure maximum effectiveness. diff --git a/docs/archive/2018/c1-security-requirements.md b/docs/archive/2018/c1-security-requirements.md index 40a71ef..0d459f1 100644 --- a/docs/archive/2018/c1-security-requirements.md +++ b/docs/archive/2018/c1-security-requirements.md @@ -1,5 +1,9 @@ # C1: Define Security Requirements +!!! warning "New Version of the Control Available!" + + You are looking at the legacy 2018 version of the OWASP Top 10 Proactive Controls. You can find information about the same control within the [OWASP Top 10 Proactive Controls 2024](./../2024/index.md) within [C4: Address Security from the Start](./../2024/the-top-10/c4-secure-architecture.md)! + ## Description A security requirement is a statement of needed security functionality that ensures one of many different security properties of software is being satisfied. Security requirements are derived from industry standards, applicable laws, and a history of past vulnerabilities. Security requirements define new features or additions to existing features to solve a specific security problem or eliminate a potential vulnerability. diff --git a/docs/archive/2018/c10-errors-exceptions.md b/docs/archive/2018/c10-errors-exceptions.md index f3720f5..0931c35 100644 --- a/docs/archive/2018/c10-errors-exceptions.md +++ b/docs/archive/2018/c10-errors-exceptions.md @@ -1,5 +1,9 @@ # C10: Handle all Errors and Exceptions +!!! warning "New Version of the Control Available!" + + You are looking at the legacy 2018 version of the OWASP Top 10 Proactive Controls. You can find information about the same control within the [OWASP Top 10 Proactive Controls 2024](./../2024/index.md) within [C3: Validate all Input & Handle Exceptions](./../2024/the-top-10/c3-validate-input-and-handle-exceptions.md)! + ## Description Exception handling is a programming concept that allows an application to respond to different error states (like network down, or database connection failed, etc) in various ways. Handling exceptions and errors correctly is critical to making your code reliable and secure. diff --git a/docs/archive/2018/c2-leverage-security-frameworks-libraries.md b/docs/archive/2018/c2-leverage-security-frameworks-libraries.md index 38d40e7..7642ce7 100644 --- a/docs/archive/2018/c2-leverage-security-frameworks-libraries.md +++ b/docs/archive/2018/c2-leverage-security-frameworks-libraries.md @@ -1,5 +1,9 @@ # C2: Leverage Security Frameworks and Libraries +!!! warning "New Version of the Control Available!" + + You are looking at the legacy 2018 version of the OWASP Top 10 Proactive Controls. You can find information about the same control within the [OWASP Top 10 Proactive Controls 2024](./../2024/index.md) within [C6: Keep your Components Secure](./../2024/the-top-10/c6-use-secure-dependencies.md)! + ## Description Secure coding libraries and software frameworks with embedded security help software developers guard against security-related design and implementation flaws. A developer writing an application from scratch might not have sufficient knowledge, time, or budget to properly implement or maintain security features. Leveraging security frameworks helps accomplish security goals more efficiently and accurately. diff --git a/docs/archive/2018/c3-secure-database.md b/docs/archive/2018/c3-secure-database.md index 874661d..e24987f 100644 --- a/docs/archive/2018/c3-secure-database.md +++ b/docs/archive/2018/c3-secure-database.md @@ -1,5 +1,9 @@ # C3: Secure Database Access +!!! warning "New Version of the Control Available!" + + You are looking at the legacy 2018 version of the OWASP Top 10 Proactive Controls. You can find information about the same control within the [OWASP Top 10 Proactive Controls 2024](./../2024/index.md) within [C3: Validate all Input & Handle Exceptions](./../2024/the-top-10/c3-validate-input-and-handle-exceptions.md)! + ## Description This section describes secure access to all data stores, including both relational databases and NoSQL databases. Some areas to consider: diff --git a/docs/archive/2018/c4-encode-escape-data.md b/docs/archive/2018/c4-encode-escape-data.md index 5c9bb28..38c8af0 100644 --- a/docs/archive/2018/c4-encode-escape-data.md +++ b/docs/archive/2018/c4-encode-escape-data.md @@ -1,5 +1,9 @@ # C4: Encode and Escape Data +!!! warning "New Version of the Control Available!" + + You are looking at the legacy 2018 version of the OWASP Top 10 Proactive Controls. You can find information about the same control within the [OWASP Top 10 Proactive Controls 2024](./../2024/index.md) within [C3: Validate all Input & Handle Exceptions](./../2024/the-top-10/c3-validate-input-and-handle-exceptions.md)! + ## Description **Encoding** and escaping are defensive techniques meant to stop injection attacks. Encoding (commonly called "Output Encoding") involves translating special characters into some different but equivalent form that is no longer dangerous in the target interpreter, for example translating the ``<`` character into the ``<`` string when writing to an HTML page. **Escaping** involves adding a special character before the character/string to avoid it being misinterpreted, for example, adding a ``\`` character before a ``"`` (double quote) character so that it is interpreted as text and not as closing a string. diff --git a/docs/archive/2018/c5-validate-inputs.md b/docs/archive/2018/c5-validate-inputs.md index e554532..88d1789 100644 --- a/docs/archive/2018/c5-validate-inputs.md +++ b/docs/archive/2018/c5-validate-inputs.md @@ -1,5 +1,9 @@ # C5: Validate All Inputs +!!! warning "New Version of the Control Available!" + + You are looking at the legacy 2018 version of the OWASP Top 10 Proactive Controls. You can find information about the same control within the [OWASP Top 10 Proactive Controls 2024](./../2024/index.md) within [C3: Validate all Input & Handle Exceptions](./../2024/the-top-10/c3-validate-input-and-handle-exceptions.md)! + ## Description Input validation is a programming technique that ensures only properly formatted data may enter a software system component. diff --git a/docs/archive/2018/c6-digital-identity.md b/docs/archive/2018/c6-digital-identity.md index 5f4619a..b1eefcb 100644 --- a/docs/archive/2018/c6-digital-identity.md +++ b/docs/archive/2018/c6-digital-identity.md @@ -1,5 +1,9 @@ # C6: Implement Digital Identity +!!! warning "New Version of the Control Available!" + + You are looking at the legacy 2018 version of the OWASP Top 10 Proactive Controls. You can find information about the same control within the [OWASP Top 10 Proactive Controls 2024](./../2024/index.md) within [C7: Secure Digital Identities](./../2024/the-top-10/c7-secure-digital-identities.md)! + ## Description Digital Identity is the unique representation of a user (or other subject) as they engage in an online transaction. Authentication is the process of verifying that an individual or entity is who they claim to be. Session management is a process by which a server maintains the state of the users authentication so that the user may continue to use the system without re-authenticating. The [NIST Special Publication 800-63B: Digital Identity Guidelines (Authentication and Life Cycle Management)](https://pages.nist.gov/800-63-3/sp800-63b.html) provides solid guidance on implementing digital identity, authentication and session management controls. diff --git a/docs/archive/2018/c7-enforce-access-controls.md b/docs/archive/2018/c7-enforce-access-controls.md index 177db10..6d2aa94 100644 --- a/docs/archive/2018/c7-enforce-access-controls.md +++ b/docs/archive/2018/c7-enforce-access-controls.md @@ -1,5 +1,9 @@ # C7: Enforce Access Controls +!!! warning "New Version of the Control Available!" + + You are looking at the legacy 2018 version of the OWASP Top 10 Proactive Controls. You can find information about the same control within the [OWASP Top 10 Proactive Controls 2024](./../2024/index.md) within [C1: Implement Access Control](./../2024/the-top-10/c1-accesscontrol.md)! + ## Description Access Control (or Authorization) is the process of granting or denying *specific requests* from a user, program, or process. Access control also involves the act of *granting and revoking those privileges*. diff --git a/docs/archive/2018/c8-protect-data-everywhere.md b/docs/archive/2018/c8-protect-data-everywhere.md index 0f034ef..a3ec9a4 100644 --- a/docs/archive/2018/c8-protect-data-everywhere.md +++ b/docs/archive/2018/c8-protect-data-everywhere.md @@ -1,5 +1,10 @@ # C8: Protect Data Everywhere +!!! warning "New Version of the Control Available!" + + You are looking at the legacy 2018 version of the OWASP Top 10 Proactive Controls. You can find information about the same control within the [OWASP Top 10 Proactive Controls 2024](./../2024/index.md) within [C2: Use Cryptography to Protect Data](./../2024/the-top-10/c2-crypto.md)! + + ## Description Sensitive data such as passwords, credit card numbers, health records, personal information and business secrets require extra protection, particularly if that data falls under privacy laws (EU's General Data Protection Regulation GDPR), financial data protection rules such as PCI Data Security Standard (PCI DSS) or other regulations. diff --git a/docs/archive/2018/c9-security-logging.md b/docs/archive/2018/c9-security-logging.md index f164ad0..c31188d 100644 --- a/docs/archive/2018/c9-security-logging.md +++ b/docs/archive/2018/c9-security-logging.md @@ -1,5 +1,9 @@ # C9: Implement Security Logging and Monitoring +!!! warning "New Version of the Control Available!" + + You are looking at the legacy 2018 version of the OWASP Top 10 Proactive Controls. You can find information about the same control within the [OWASP Top 10 Proactive Controls 2024](./../2024/index.md) within [C9: Implement Security Logging and Monitoring ](./../2024/the-top-10/c9-security-logging-and-monitoring.md)! + ## Description Logging is a concept that most developers already use for debugging and diagnostic purposes. Security logging is an equally basic concept: to log security information during the runtime operation of an application. Monitoring is the live review of application and security logs using various forms of automation. The same tools and patterns can be used for operations, debugging and security purposes. diff --git a/mkdocs.yml b/mkdocs.yml index c398fcf..5506c6d 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -35,6 +35,8 @@ theme: accent: lime markdown_extensions: + - admonition + - pymdownx.details - pymdownx.highlight: anchor_linenums: true line_spans: __span