Home
Website

Sign in

OWASP Cheat Sheets

Kate Bulpit

Jan 31, 2022 • 1 min read

OWASP Cheat sheets broken down by STRIDE category

Explains STRIDE at the top level and provides links to each of the elements
https://en.wikipedia.org/wiki/STRIDE_(security)
Spoofing
https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Multifactor_Authentication_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Key_Management_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html
Tampering

https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
Repudiation

https://cheatsheetseries.owasp.org/cheatsheets/Error_Handling_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html
Information Disclosure

https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Error_Handling_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
Denial of Service

https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Error_Handling_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html
Elevation of Privilege

https://cheatsheetseries.owasp.org/cheatsheets/Access_Control_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Key_Management_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html

Sign up for more like this.

Enter your email

Securing Santa's Sleigh: A Whimsical Threat Model for Software Professionals

As software professionals, we often find ourselves entrenched in cybersecurity's serious and complex world, dissecting threats and weaknesses in systems integral to our daily lives. However, sometimes, a lighter approach can offer fresh perspectives and insights. In the spirit of the holiday season, let's embark on

Dec 8, 2023 3 min read

Embracing the Odyssey: Why Threat Modelling is a Continual Pursuit in Software Security

Threat modelling is an integral component of the security architecture process, and its importance cannot be overstated in today's digital landscape. At its core, threat modelling is a proactive approach to identifying, prioritising, and managing the potential threats to a system. It systematically analyses what can go wrong

Nov 30, 2023 3 min read

From Plymouth Rock to Cyber Blocks: A Unique Threat Model Analysis of the First Thanksgiving

As software professionals, we often find ourselves entrenched in code, architecture, and cybersecurity. However, sometimes, drawing parallels from history can provide fresh insights into our work. Let's embark on a unique journey back to 1621, to the First Thanksgiving, and apply a modern threat model to this historical

Nov 15, 2023 3 min read

Tutamantic Security Blog © 2024

Powered by Ghost