
Clojure Web Security - 0wl3x
https://lispcast.com/clojure-web-security/
======
markc
This post is a reasonable start, but has some errors and omissions - and is
now out of date since the OWASP Top 10 update.

A few suggested improvements:

Update to use OWASP Top 10 2017
[https://www.owasp.org/index.php/Top_10-2017_Top_10](https://www.owasp.org/index.php/Top_10-2017_Top_10)

Incorporate OWASP Top 10 Proactive controls
[https://www.owasp.org/index.php/OWASP_Proactive_Controls](https://www.owasp.org/index.php/OWASP_Proactive_Controls)

The XSS section refers only to stored XSS. Describe reflected XSS as well.
Describe DOM-based XSS and mitigations.

Provide some examples of Security Misconfiguration

Provide advice on _how_ to keep software patched for security flaws

The post says "Use HTTPS if you can". HTTPS is not optional for web security.
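Added example (not part of markc's comment or of the lispcast.com post): the two XSS variants the comment asks the post to cover, reflected and DOM-based, each shown in a vulnerable and a hardened form. JavaScript is used because the DOM-based case lives in browser script; the handler and helper names, the `fakeElement` stand-in for a DOM node, and the payloads are all constructed for this illustration and are not from the original.

```javascript
// Added example: reflected and DOM-based XSS, vulnerable vs. hardened.
// All function names, the fake DOM element and the payloads are constructed
// for illustration; nothing here is from the lispcast post or the thread.

// Escape the five characters that can change meaning in HTML text and in
// quoted attribute values. A single pass with a callback cannot double-escape.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
  })[c]);
}

// --- Reflected XSS: input arrives in the request (query string, header,
// form field) and is echoed straight back into the response.

// Vulnerable: the parameter is interpolated into the HTML as-is.
function renderSearchVulnerable(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened: encode at the point of insertion, for the HTML text context.
function renderSearchHardened(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Attribute context: the value must be both quoted and escaped. Quoting
// alone is not enough (a '"' in the input would close the attribute), and
// escaping alone is not enough (an unquoted attribute ends at whitespace).
function renderSearchBoxHardened(query) {
  return `<input name="q" value="${escapeHtml(query)}">`;
}

// --- DOM-based XSS: no server round trip at all. Script in the page reads an
// attacker-controlled source (here location.hash) and writes it into a sink
// that parses markup (innerHTML). Server-side escaping cannot catch this.

// Minimal stand-in for a DOM element so the example runs under Node
// (constructed; a real element exposes the same two properties).
function fakeElement() {
  return { innerHTML: '', textContent: '' };
}

// Vulnerable: decoded fragment goes into innerHTML, so tags in it are parsed.
function showHashVulnerable(el, hash) {
  el.innerHTML = 'Section: ' + decodeURIComponent(hash.slice(1));
}

// Hardened: textContent never parses markup; the string is shown literally.
function showHashHardened(el, hash) {
  el.textContent = 'Section: ' + decodeURIComponent(hash.slice(1));
}

// Check used below: is there still a live <script> tag in the output?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed payloads, one per context.
const textPayload = '<script>alert(document.cookie)</script>';
const attrPayload = '" onmouseover="alert(1)';
const hashPayload = '#' + encodeURIComponent('<img src=x onerror=alert(1)>');

console.log('reflected, vulnerable:', renderSearchVulnerable(textPayload));
console.log('reflected, hardened:  ', renderSearchHardened(textPayload));
console.log('attribute, hardened:  ', renderSearchBoxHardened(attrPayload));
const a = fakeElement();
showHashVulnerable(a, hashPayload);
console.log('DOM, vulnerable innerHTML:', a.innerHTML);
const b = fakeElement();
showHashHardened(b, hashPayload);
console.log('DOM, hardened textContent:', b.textContent);
```

The reflected case is the server's responsibility (in a Ring/Hiccup stack that means never concatenating request data into raw HTML); the DOM case is the client's, and the fix is choosing a non-parsing sink such as `textContent` (or a sanitizer if markup is genuinely required), because no amount of server-side encoding reaches a value that the browser script pulls out of `location.hash` itself.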

