AI Checklist Generator, from the makers of Manifestly Checklists
ATLAS MITRE and OWASP top 10 for secure development
Authentication and Authorization
- Implement strong password policies
- Use multi-factor authentication
- Limit access to sensitive data based on user roles

Input Validation
- Validate and sanitize all user input
- Use parameterized queries to prevent SQL injection
- Implement CSRF protection

Secure Configuration
- Follow secure coding practices
- Keep software and libraries up to date
- Disable unnecessary services and ports

Injection
- Use parameterized queries to prevent SQL injection
- Sanitize user input to prevent XSS attacks
- Validate and encode user input to prevent LDAP injection

Broken Authentication
- Implement strong password policies
- Use multi-factor authentication
- Limit failed login attempts

Sensitive Data Exposure
- Encrypt sensitive data at rest and in transit
- Use secure protocols for data transfer
- Limit access to sensitive data based on user roles

XML External Entities (XXE)
- Disable external entity processing in XML parsers
- Validate and sanitize XML input
- Use secure XML parsing libraries

Broken Access Control
- Implement role-based access control
- Enforce least privilege access
- Monitor and log all access control events

Security Misconfiguration
- Follow secure coding practices
- Keep software and libraries up to date
- Disable unnecessary services and ports

Cross-Site Scripting (XSS)
- Validate and sanitize all user input
- Implement content security policy headers
- Use secure coding practices to prevent XSS attacks

Insecure Deserialization
- Use secure serialization libraries
- Validate serialized data before deserialization
- Implement integrity checks on serialized data

Using Components with Known Vulnerabilities
- Keep software and libraries up to date
- Monitor for vulnerabilities in third-party components
- Use a software composition analysis tool

Insufficient Logging and Monitoring
- Implement centralized logging and monitoring
- Monitor for suspicious activities and security events
- Respond to security incidents in a timely manner