概述概述 简介输入验证 验证数据清洗 输出编码 XSSSQL注入 Authentication and Password Management Communicating authentication dataValidation and StoragePassword policiesOther guidelines Session ManagementAccess ControlCryptographic Practices Pseudo-Random Generators Error Handling and Logging Error HandlingLogging Data ProtectionCommunication Security HTTP/TLSWebSockets System ConfigurationDatabase Security ConnectionsAuthenticationParameterized QueriesStored Procedures File ManagementMemory ManagementGeneral Coding PracticesHow To Contribute