OWASP Proactive Controls

Software developers are the foundation of any application. To achieve secure software, developers must be supported and helped by the organization they author code for. As software developers author the code that makes up a web application, they need to embrace and practice a wide variety of secure coding techniques. All tiers of a web application (the user interface, the business logic, the controller, the database code and more) need to be developed with security in mind. This can be a very difficult task, and developers are often set up for failure.


Most developers did not learn about secure coding or crypto in school. The languages and frameworks that developers use to build web applications are often lacking critical core controls or are insecure by default in some way. It is also very rare for organizations to provide developers with prescriptive requirements that guide them down the path of secure software. And even when they do, there may be security flaws inherent in the requirements and designs. When it comes to software, developers are often set up to lose the security game.


The OWASP Top Ten Proactive Controls 2016 is a list of security techniques that should be included in every software development project. They are listed in order of importance, with control number 1 being the most important:

  1. Verify for Security Early and Often
  2. Parameterize Queries
  3. Encode Data
  4. Validate All Inputs
  5. Implement Identity and Authentication Controls
  6. Implement Appropriate Access Controls
  7. Protect Data
  8. Implement Logging and Intrusion Detection
  9. Leverage Security Frameworks and Libraries
  10. Error and Exception Handling


This Working Session will result in an updated list of OWASP Proactive Controls.


The target audience for this Working Session is:

  • Security Professionals
  • AppSec teams
  • Tool vendors

Working materials

Here are the current ‘work in progress’ materials for this session (please add as much information as possible before the sessions): Current list of Top 10 Proactive Controls

