### Generate PDF for OWASP SCP Quick Reference Guide (Portuguese)

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/v2/pt/pt/README.md

This Pandoc command compiles the Markdown source files into a PDF document for the Portuguese version of the OWASP Secure Coding Practices Quick Reference Guide. It includes various introductory and appendix sections, requiring a TeX installation for PDF output.

```bash
pandoc -o OWASP_SCP_Quick_Reference_Guide.pt-PT.pdf \
  -r markdown+footnotes title.pdf.yaml \
  01-introduction/01-front.markdown \
  01-introduction/02-toc.markdown \
  01-introduction/03-credits.markdown \
  01-introduction/04-copyright.markdown \
  01-introduction/05-introduction.markdown \
  02-checklist/05-checklist.markdown \
  03-appendices/03-overview.markdown \
  03-appendices/05-glossary.markdown \
  03-appendices/07-references.markdown \
  03-appendices/08-footnotes.markdown
```

--------------------------------

### Generate OWASP SCP Guide as PDF using Pandoc

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/v2/en/us/README.md

This command line snippet demonstrates how to compile the OWASP Secure Coding Practices Quick Reference Guide from its Markdown source files into a PDF document using Pandoc. A TeX distribution, such as pdflatex, is required for PDF output. On macOS, this dependency can be satisfied by running `brew install basictex`.
```bash
pandoc -o OWASP_SCP_Quick_Reference_Guide.en-US.pdf title.pdf.yaml \
  01-introduction/01-front.markdown \
  01-introduction/02-toc.markdown \
  01-introduction/04-copyright.markdown \
  01-introduction/05-introduction.markdown \
  02-checklist/05-checklist.markdown \
  03-appendices/03-overview.markdown \
  03-appendices/05-glossary.markdown \
  03-appendices/07-references.markdown
```

--------------------------------

### Generate EBook for OWASP SCP Quick Reference Guide (Portuguese)

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/v2/pt/pt/README.md

This Pandoc command compiles the Markdown source files into an EPUB EBook for the Portuguese version of the OWASP Secure Coding Practices Quick Reference Guide. It includes various introductory and appendix sections, providing a portable digital format.

```bash
pandoc -o OWASP_SCP_Quick_Reference_Guide.pt-PT.epub \
  -r markdown+footnotes title.yaml \
  01-introduction/01-front.markdown \
  01-introduction/02-toc.markdown \
  01-introduction/03-credits.markdown \
  01-introduction/04-copyright.markdown \
  01-introduction/05-introduction.markdown \
  02-checklist/05-checklist.markdown \
  03-appendices/03-overview.markdown \
  03-appendices/05-glossary.markdown \
  03-appendices/07-references.markdown \
  03-appendices/08-footnotes.markdown
```

--------------------------------

### Generate OWASP SCP Guide as EBook (EPUB) using Pandoc

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/v2/en/us/README.md

This command line snippet shows how to compile the OWASP Secure Coding Practices Quick Reference Guide from its Markdown source files into an EPUB EBook document using Pandoc. This process does not have the same TeX dependency as PDF generation.
```bash
pandoc -o OWASP_SCP_Quick_Reference_Guide.en-US.epub title.yaml \
  01-introduction/01-front.markdown \
  01-introduction/02-toc.markdown \
  01-introduction/04-copyright.markdown \
  01-introduction/05-introduction.markdown \
  02-checklist/05-checklist.markdown \
  03-appendices/03-overview.markdown \
  03-appendices/05-glossary.markdown \
  03-appendices/07-references.markdown
```

--------------------------------

### Generate OWASP SCP Guide as PDF using Pandoc

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/README.md

This Pandoc command compiles the specified Markdown files into a PDF document named 'OWASP_SCP_Quick_Reference_Guide.en-US.pdf'. It requires a TeX distribution (e.g., BasicTeX on macOS via `brew install basictex`) to provide `pdflatex` for PDF output.

```bash
pandoc --output=OWASP_SCP_Quick_Reference_Guide.en-US.pdf title.pdf.yaml \
  01-introduction/01-front.markdown \
  01-introduction/02-toc.markdown \
  01-introduction/04-copyright.markdown \
  01-introduction/05-introduction.markdown \
  02-checklist/05-checklist.markdown \
  03-appendices/03-overview.markdown \
  03-appendices/05-glossary.markdown \
  03-appendices/07-references.markdown
```

--------------------------------

### Generate EBook for OWASP SCP Guide (pt-BR)

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/v2/pt/br/README.md

This shell command uses `pandoc` to compile the markdown source files into an EPUB EBook document for the Portuguese (Brazil) version of the OWASP Secure Coding Practices Quick Reference Guide. It includes a title YAML file and various content markdown files.
```Shell
pandoc -o OWASP_SCP_Quick_Reference_Guide.pt-BR.epub \
  -r markdown+footnotes title.yaml \
  01-introduction/01-front.markdown \
  01-introduction/02-toc.markdown \
  01-introduction/03-credits.markdown \
  01-introduction/04-copyright.markdown \
  01-introduction/05-introduction.markdown \
  02-checklist/05-checklist.markdown \
  03-appendices/03-overview.markdown \
  03-appendices/05-glossary.markdown \
  03-appendices/07-references.markdown \
  03-appendices/08-footnotes.markdown
```

--------------------------------

### Generate OWASP SCP Quick Reference Guide EBook with Pandoc

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/v2/zh/cn/README.md

This shell command uses Pandoc with the XeLaTeX engine to compile the Chinese (zh-CN) version of the OWASP Secure Coding Practices Quick Reference Guide into an EPUB eBook. It combines multiple markdown source files and a YAML title configuration.

```Shell
pandoc -o OWASP_SCP_Quick_Reference_Guide.zh-CN.epub \
  --pdf-engine=xelatex -r markdown title.yaml \
  01-introduction/01-front.markdown \
  01-introduction/02-toc.markdown \
  01-introduction/03-credits.markdown \
  01-introduction/04-copyright.markdown \
  01-introduction/05-introduction.markdown \
  02-checklist/05-checklist.markdown \
  03-appendices/03-overview.markdown \
  03-appendices/05-glossary.markdown \
  03-appendices/07-references.markdown
```

--------------------------------

### Generate OWASP SCP Guide as EBook using Pandoc

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/README.md

This Pandoc command compiles the specified Markdown files into an EPUB EBook document named 'OWASP_SCP_Quick_Reference_Guide.en-US.epub'. It uses a different YAML metadata file ('title.yaml') compared to the PDF generation.
```bash
pandoc --output=OWASP_SCP_Quick_Reference_Guide.en-US.epub title.yaml \
  01-introduction/01-front.markdown \
  01-introduction/02-toc.markdown \
  01-introduction/04-copyright.markdown \
  01-introduction/05-introduction.markdown \
  02-checklist/05-checklist.markdown \
  03-appendices/03-overview.markdown \
  03-appendices/05-glossary.markdown \
  03-appendices/07-references.markdown
```

--------------------------------

### Generate OWASP SCP Quick Reference Guide PDF with Pandoc

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/v2/zh/cn/README.md

This shell command uses Pandoc with the XeLaTeX engine to compile the Chinese (zh-CN) version of the OWASP Secure Coding Practices Quick Reference Guide into a PDF document. It combines multiple markdown source files and a YAML title configuration.

```Shell
pandoc -o OWASP_SCP_Quick_Reference_Guide.zh-CN.pdf \
  --pdf-engine=xelatex -r markdown title.pdf.yaml \
  01-introduction/01-front.markdown \
  01-introduction/02-toc.markdown \
  01-introduction/03-credits.markdown \
  01-introduction/04-copyright.markdown \
  01-introduction/05-introduction.markdown \
  02-checklist/05-checklist.markdown \
  03-appendices/03-overview.markdown \
  03-appendices/05-glossary.markdown \
  03-appendices/07-references.markdown
```

--------------------------------

### Generate PDF for OWASP SCP Guide (pt-BR)

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/v2/pt/br/README.md

This shell command uses `pandoc` to compile the markdown source files into a PDF document for the Portuguese (Brazil) version of the OWASP Secure Coding Practices Quick Reference Guide. It includes a title YAML file and various content markdown files. A TeX distribution (e.g., pdflatex) is required for PDF output.
```Shell
pandoc -o OWASP_SCP_Quick_Reference_Guide.pt-BR.pdf \
  -r markdown+footnotes title.pdf.yaml \
  01-introduction/01-front.markdown \
  01-introduction/02-toc.markdown \
  01-introduction/03-credits.markdown \
  01-introduction/04-copyright.markdown \
  01-introduction/05-introduction.markdown \
  02-checklist/05-checklist.markdown \
  03-appendices/03-overview.markdown \
  03-appendices/05-glossary.markdown \
  03-appendices/07-references.markdown \
  03-appendices/08-footnotes.markdown
```

--------------------------------

### Memory Management Definition

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/03-appendices/05-glossary.markdown

Defines 'Memory Management' as controls addressing memory and buffer usage.

```APIDOC
Concept: Memory Management
Description: Set of controls addressing memory and buffer usage.
```

--------------------------------

### Security Requirements Definition

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/03-appendices/05-glossary.markdown

Defines 'Security Requirements' as design and functional requirements ensuring secure software building and deployment.

```APIDOC
Concept: Security Requirements
Description: Set of design and functional requirements ensuring software is built and deployed in a secure manner.
```

--------------------------------

### Session Management Guidelines

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/03-appendices/05-glossary.markdown

Defines session management controls for secure HTTP session handling in web applications and provides guidelines for protecting session identifiers.

```APIDOC
Concept: Session Management
Description: Set of controls ensuring web applications handle HTTP sessions securely.
Guidelines:
- Do not expose session identifiers in URLs, error messages, or logs.
- Session identifiers should only be located in the HTTP cookie.
```

--------------------------------

### Secure Log Event Data Guidelines

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/03-appendices/05-glossary.markdown

Provides guidelines for logging security-relevant event data, including required fields and monitoring for specific attack patterns.

```APIDOC
Guideline: Log Event Data
Required Fields:
1. Time stamp from a trusted system component
2. Severity rating for each event
3. Tagging of security relevant events (if mixed)
4. Identity of the account/user that caused the event
5. Source IP address associated with the request
6. Event outcome (success or failure)
7. Description of the event
Monitoring: Implement monitoring to identify attacks against multiple user accounts using the same password (to bypass standard lockouts).
```

--------------------------------

### Output Encoding Definition

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/03-appendices/05-glossary.markdown

Defines 'Output Encoding' as controls ensuring safe data output by the application through encoding.

```APIDOC
Concept: Output Encoding
Description: Set of controls addressing the use of encoding to ensure data output by the application is safe.
```

--------------------------------

### Security Controls Definition

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/03-appendices/05-glossary.markdown

Defines 'Security Controls' as actions mitigating vulnerabilities and ensuring software behaves as expected.

```APIDOC
Concept: Security Controls
Description: Action that mitigates a potential vulnerability and helps ensure software behaves only in the expected manner.
```

--------------------------------

### Sequential Authentication Definition

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/03-appendices/05-glossary.markdown

Defines 'Sequential Authentication' as requesting authentication data on successive pages instead of a single page.

```APIDOC
Concept: Sequential Authentication
Description: Authentication data requested on successive pages rather than all at once on a single page.
```

--------------------------------

### Path Traversal Prevention Guideline

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/03-appendices/05-glossary.markdown

Guideline to prevent path traversal attacks by checking for 'dot-dot-slash' characters and their UTF-8 encoded equivalents.

```APIDOC
Guideline: Check for 'dot-dot-slash' (../ or ..\) path alterations.
Address alternate representations like %c0%ae%c0%ae/ for UTF-8 extended character sets.
```

--------------------------------

### Secure Application Update Guidelines

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/03-appendices/05-glossary.markdown

Provides guidelines for safe application updates from trusted sources, including cryptographic signatures for automatic updates and encrypted transfer channels.

```APIDOC
Guideline: Safe Updates
Method: Updating application from trusted sources.
Automatic Updates:
- Use cryptographic signatures for code.
- Ensure download clients verify signatures.
- Use encrypted channels to transfer code from host server.
```

--------------------------------

### Integrity Definition

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/03-appendices/05-glossary.markdown

Defines 'Integrity' as the assurance that information is accurate, complete, valid, and unaltered by unauthorized actions.
```APIDOC
Concept: Integrity
Description: Assurance that information is accurate, complete, valid, and unaltered by unauthorized action.
```

--------------------------------

### Parameterized Queries / Prepared Statements Explanation

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/03-appendices/05-glossary.markdown

Explains parameterized queries/prepared statements as a method to separate query structure from data using placeholders, preventing SQL alteration by combining parameters with a compiled statement.

```APIDOC
Concept: Parameterized Queries / Prepared Statements
Description: Keeps query and data separate using placeholders.
Process: Query structure defined with placeholders, SQL statement sent to database and prepared, then combined with parameter values.
Benefit: Prevents query alteration as parameters combine with compiled statement, not a SQL string.
```

--------------------------------

### Password Length Requirements

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/03-appendices/05-glossary.markdown

Outlines password length requirements, suggesting 16 characters or multi-word passphrases as better alternatives to the common eight characters.

```APIDOC
Guideline: Password Length
Requirements: Established by policy or regulation.
Common: 8 characters.
Better: 16 characters or multi-word pass phrases.
```

--------------------------------

### Persistent Logins and Session Termination Guidelines

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/03-appendices/05-glossary.markdown

Recommends disallowing persistent logins and enforcing periodic session terminations, especially for critical systems, with termination times supporting business needs and user notification.
```APIDOC
Guideline: Persistent Logins
Recommendation: Disallow persistent logins; enforce periodic session terminations (even for active sessions).
Applicability: Especially for applications with rich network connections or critical systems.
Considerations: Termination times should support business requirements; user notification to mitigate negative impacts.
```

--------------------------------

### Password Complexity Requirements

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/03-appendices/05-glossary.markdown

Describes password complexity requirements, emphasizing the need for credentials to withstand typical attacks in the deployed environment, often including diverse character types.

```APIDOC
Guideline: Password Complexity
Requirements: Established by policy or regulation.
Purpose: Credentials sufficient to withstand typical attacks in the deployed environment.
Example: Requiring alphabetic, numeric, and/or special characters.
```

--------------------------------

### Impact Definition

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/03-appendices/05-glossary.markdown

Defines 'Impact' as the measure of negative business effect resulting from an undesired event or exploited vulnerability.

```APIDOC
Concept: Impact
Description: Measure of the negative effect to the business from an undesired event or exploited vulnerability.
```

--------------------------------

### Mitigate Definition

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/03-appendices/05-glossary.markdown

Defines 'Mitigate' as steps taken to reduce vulnerability severity, including removal, increased exploit difficulty, or reduced impact.

```APIDOC
Concept: Mitigate
Description: Steps taken to reduce the severity of a vulnerability.
Methods: Removing, making more difficult to exploit, or reducing negative impact of exploitation.
```

--------------------------------

### HTML Entity Encoding Definition

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/03-appendices/05-glossary.markdown

Explains HTML entity encoding as the process of replacing ASCII characters with their HTML entity equivalents to mitigate client-side attacks.

```APIDOC
Concept: HTML Entity Encoding
Description: Process of replacing certain ASCII characters with their HTML entity equivalents.
Example: '<' becomes '&lt;'
Purpose: HTML entities are inert in interpreters, mitigating client-side attacks.
```

--------------------------------

### Sanitize Data Definition

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/03-appendices/05-glossary.markdown

Defines 'Sanitize Data' as the process of making potentially harmful data safe via removal, replacement, encoding, or escaping characters.

```APIDOC
Concept: Sanitize Data
Description: Process of making potentially harmful data safe.
Methods: Data removal, replacement, encoding, or escaping of characters.
```

--------------------------------

### Multi-Factor Authentication (MFA) Definition

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/03-appendices/05-glossary.markdown

Defines Multi-Factor Authentication (MFA) as an authentication process requiring multiple distinct credential types, typically based on something a user has, knows, or is.

```APIDOC
Concept: Multi-Factor Authentication (MFA)
Description: Authentication process requiring multiple distinct credential types.
Typical Factors:
- Something they have (e.g., mobile/cell phone)
- Something they know (e.g., PIN)
- Something they are (e.g., biometric data)
```

--------------------------------

### Input Validation Definition

Source: https://github.com/owasp/secure-coding-practices-quick-reference-guide/blob/main/draft/en/us/03-appendices/05-glossary.markdown

Defines 'Input Validation' as controls verifying input data properties against expected values, including types, lengths, ranges, character sets, and exclusion of hazardous characters.

```APIDOC
Concept: Input Validation
Description: Controls verifying input data properties (types, lengths, ranges, character sets) against expectations, excluding hazardous characters.
```