The OWASP Secure Coding Practices Quick Reference Guide is a technology agnostic set of general software security coding practices, in a comprehensive checklist format, that can be integrated into the development life-cycle.
The focus is on secure coding requirements, rather than on vulnerabilities and exploits. It includes an introduction to Software Security principles and a glossary of key terms. It is designed to serve as a secure coding kick-start tool and easy reference, to help development teams quickly understand secure coding practices.
Downloads for the latest version are available for:
- English (en-US)
- español (es-UY)
- 한국어 (ko-KO)
- português (pt-BR & pt-PT)
- 中文 (zh-CN)
The guide is maintained by OWASP and refer to the project page for further information.
- Introduction
- Software Security Principles Overview
- Secure Coding Practices Checklist
- Links to useful resources
- Glossary of important terminology
- Project pamphlet
- Project presentation
- Slide deck - presented by Keith Turpin on OWASP AppSec USA 2010
- Feedback and revisions history
We hope you find the OWASP Secure Coding Practices Quick Reference Guide Project useful. Please contribute to this project by adding your comments, questions, and suggestions using the change request form. The Secure Coding Practices Guide is international, if you would like to provide additional translations then we can provide the directory framework to support this.
The content has been migrated from the orginal doc format to markdown,
following pandoc's markdown format.
We welcome additions and corrections to the existing documents;
create a pull request and we will review and accept your changes.
- Go programming language secure coding practices guide, based on the OWASPSecure Coding Practices