The Open Web Application Security Project (OWASP) is a 501(c)(3) not-for-profit educational charity dedicated to enabling organizations to design, develop, acquire, operate, and maintain secure software. All OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We can be found at www.owasp.org.
OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company. Similar to many open source software projects, OWASP produces many types of materials in a collaborative and open way. The OWASP Foundation is a not-for-profit entity that ensures the project’s long-term success.
The OWASP Top Ten Proactive Controls 2018 is a list of security techniques that should be considered for every software development project. This document is written for developers, to assist those new to secure development.
One of the main goals of this document is to provide concrete, practical guidance that helps developers build secure software. These techniques should be applied proactively at the early stages of software development to ensure maximum effectiveness.
The Top 10 Proactive Controls
The list is ordered by importance, with item 1 being the most important:
C1: Define Security Requirements
C2: Leverage Security Frameworks and Libraries
C3: Secure Database Access
C4: Encode and Escape Data
C5: Validate All Inputs
C6: Implement Digital Identity
C7: Enforce Access Controls
C8: Protect Data Everywhere
C9: Implement Security Logging and Monitoring
C10: Handle All Errors and Exceptions