From Cybersec Standards
This is a guide for implementing technical security controls in order to achieve compliance with data protection and privacy laws.
OWASP-Recommended Security Controls:
- If state data must be stored on the client, use encryption and integrity checking on the server side to catch state tampering
- Securely implement transaction authorization to protect transaction integrity
- Implement least privilege: restrict users to only the functionality, data and system information required to perform their tasks
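
For the first control above, one way to do the server-side integrity check, shown as an added example that is not from the OWASP material or this page: the server seals the state with an HMAC-SHA256 tag before handing it to the client and rejects anything whose tag does not verify. It covers integrity only; the encryption half of the control would additionally need an authenticated cipher. The names `SERVER_KEY`, `seal_state` and `open_state` and the sample state are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Assumption: this key exists only on the server (generated here for the demo).
SERVER_KEY = secrets.token_bytes(32)


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def seal_state(state: dict, key: bytes = SERVER_KEY) -> str:
    """Serialize state and append an HMAC-SHA256 tag computed on the server."""
    payload = json.dumps(state, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{b64e(payload)}.{b64e(tag)}"


def open_state(token: str, key: bytes = SERVER_KEY):
    """Return the state dict, or None if the token is malformed or tampered."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = b64d(payload_b64), b64d(tag_b64)
    except (ValueError, TypeError, AttributeError):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison; the payload is parsed only after the tag verifies.
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        return json.loads(payload)
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed sample state, round-tripped through the client.
    token = seal_state({"cart_total": 4999, "user": "alice"})
    print(token)
    print(open_state(token))
```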