add checklist for digital identity

.markdownlint.yaml

@@ -10,7 +10,7 @@ MD013:
   code_blocks: true
   heading_line_length: 80
   headings: true
-  line_length: 120
+  line_length: 125
   stern: true
   strict: false
   tables: true

_data/draft.yaml

@@ -118,33 +118,33 @@ docs:
 - title: '20.1 Introduction'
   url: 20-proactive-control-checklist/01-proactive-control-introduction
 
-- title: '20.2 C1: Define Security Requirements'
+- title: '20.2 Checklist: Define Security Requirements'
   url: 20-proactive-control-checklist/02-define-security-requirements
 
-- title: '20.3 C2: Leverage Security Frameworks and Libraries'
+- title: '20.3 Checklist: Leverage Security Frameworks and Libraries'
   url: 20-proactive-control-checklist/03-frameworks-libraries
 
-- title: '20.4 C3: Secure Database Access'
+- title: '20.4 Checklist: Secure Database Access'
   url: 20-proactive-control-checklist/04-secure-database-access
 
-- title: '20.5 C4: Encode and Escape Data'
+- title: '20.5 Checklist: Encode and Escape Data'
   url: 20-proactive-control-checklist/05-encode-escape-data
 
-- title: '20.6 C5: Validate All Inputs'
+- title: '20.6 Checklist: Validate All Inputs'
   url: 20-proactive-control-checklist/06-validate-inputs
 
-- title: '20.7 C6: Implement Digital Identity'
+- title: '20.7 Checklist: Implement Digital Identity'
   url: 20-proactive-control-checklist/07-digital-identity
 
-- title: '20.8 C7: Enforce Access Controls'
+- title: '20.8 Checklist: Enforce Access Controls'
   url: 20-proactive-control-checklist/08-access-controls
 
-- title: '20.9 C8: Protect Data Everywhere'
+- title: '20.9 Checklist: Protect Data Everywhere'
   url: 20-proactive-control-checklist/09-protect-data
 
-- title: '20.10 C9: Implement Security Logging and Monitoring'
+- title: '20.10 Checklist: Implement Security Logging and Monitoring'
   url: 20-proactive-control-checklist/10-security-logging-monitoring
 
-- title: '20.11 C10: Handle all Errors and Exceptions'
+- title: '20.11 Checklist: Handle all Errors and Exceptions'
   url: 20-proactive-control-checklist/11-handle-errors-exceptions
 

draft/00-toc.md

@@ -69,15 +69,15 @@ and so the content is expected to frequently change._
 
 20 **[OWASP Top Ten Proactive Controls checklist](#owasp-top-ten-proactive-controls-checklist)**  
 20.1 [Introduction](#owasp-top-ten-proactive-controls-introduction)  
-20.2 [C1: Define Security Requirements](#c1-define-security-requirements)  
-20.3 [C2: Leverage Security Frameworks and Libraries](#c2-leverage-security-frameworks-and-libraries)  
-20.4 [C3: Secure Database Access](#c3-secure-database-access)  
-20.5 [C4: Encode and Escape Data](#c4-encode-and-escape-data)  
-20.6 [C5: Validate All Inputs](#c5-validate-all-inputs)  
-20.7 [C6: Implement Digital Identity](#c6-implement-digital-identity)  
-20.8 [C7: Enforce Access Controls](#c7-enforce-access-controls)  
-20.9 [C8: Protect Data Everywhere](#c8-protect-data-everywhere)  
-20.10 [C9: Implement Security Logging and Monitoring](#c9-implement-security-logging-and-monitoring)  
-20.11 [C10: Handle all Errors and Exceptions](#c10-handle-all-errors-and-exceptions)  
+20.2 [Checklist: Define Security Requirements](#checklist-define-security-requirements)  
+20.3 [Checklist: Leverage Security Frameworks and Libraries](#checklist-leverage-security-frameworks-and-libraries)  
+20.4 [Checklist: Secure Database Access](#checklist-secure-database-access)  
+20.5 [Checklist: Encode and Escape Data](#checklist-encode-and-escape-data)  
+20.6 [Checklist: Validate All Inputs](#checklist-validate-all-inputs)  
+20.7 [Checklist: Implement Digital Identity](#checklist-implement-digital-identity)  
+20.8 [Checklist: Enforce Access Controls](#checklist-enforce-access-controls)  
+20.9 [Checklist: Protect Data Everywhere](#checklist-protect-data-everywhere)  
+20.10 [Checklist: Implement Security Logging and Monitoring](#checklist-implement-security-logging-and-monitoring)  
+20.11 [Checklist: Handle all Errors and Exceptions](#checklist-handle-all-errors-and-exceptions)  
 
 \newpage

draft/01-audience.md

@@ -43,7 +43,7 @@ to prevent the acquisition or development of insecure software.
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue01] or a [pull request][pr] .
 
 [issue01]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2001-audience

draft/02-background.md

@@ -39,7 +39,7 @@ These resources provide greater detail and wider context for the various section
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue02] or a [pull request][pr] .
 
 [asvs]: https://owasp.org/www-project-application-security-verification-standard/

draft/04-foundations/01-security-fundamentals.md

@@ -77,7 +77,7 @@ The typical questions that are answered by auditing are "*Who* did *What* *When*
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue0401] or a [pull request][pr] .
 
 [issue0401]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2004-foundations/01-security-fundamentals

draft/04-foundations/02-secure-development.md

@@ -170,7 +170,7 @@ There are many OWASP tools and resources to help build security into the SDLC.
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue0402] or a [pull request][pr] .
 
 [amass]: https://owasp.org/www-project-amass/

draft/04-foundations/03-security-principles.md

@@ -149,7 +149,7 @@ In addition open source components have the benefit of 'many eyes' and are likel
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue0403] or a [pull request][pr] .
 
 [ancs]: https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html

draft/04-foundations/04-crypto-principles.md

@@ -247,7 +247,7 @@ These protocols prevent adversaries from learning the key or forcing their own k
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue0404] or a [pull request][pr] .
 
 [ancs]: https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html

draft/04-foundations/05-top-ten.md

@@ -23,7 +23,7 @@ and submit your content for review.
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue0405] or a [pull request][pr] .
 
 [contribute]: https://github.com/OWASP/www-project-developer-guide/blob/main/contributing.md

draft/05-security-requirements/01-security-requirements.md

@@ -111,7 +111,7 @@ both of which may have a direct impact on the application.
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue0501] or a [pull request][pr].
 
 [asvs]: https://owasp.org/www-project-application-security-verification-standard/

draft/05-security-requirements/02-threat-modeling.md

@@ -238,7 +238,7 @@ then that is a perfectly good choice.
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue0502] or a [pull request][pr] .
 
 [4QFW]: https://github.com/adamshostack/4QuestionFrame

draft/05-security-requirements/03-risk-profile.md

@@ -94,7 +94,7 @@ Examples:
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue0503] or a [pull request][pr] .
 
 [cvss]: https://www.first.org/cvss/

draft/06-secure-design/02-secure-coding.md

@@ -329,7 +329,7 @@ Also not exploitable: `{""result"": [{""object"": ""inside an array""}]}"`
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue0602] or a [pull request][pr] .
 
 [issue0602]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2006-secure-design/02-secure-coding

draft/06-secure-design/03-cryptographic-practices.md

@@ -64,7 +64,7 @@ order: 603
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue0603] or a [pull request][pr] .
 
 [issue0603]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2006-secure-design/03-cryptographic-practices

draft/06-secure-design/04-application-spoofing.md

@@ -74,7 +74,7 @@ How can it be addressed:
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue0604] or a [pull request][pr] .
 
 [issue0604]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2006-secure-design/04-application-spoofing

draft/06-secure-design/05-content-security-policy.md

@@ -150,7 +150,7 @@ Setting rules for Android application:
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue0605] or a [pull request][pr] .
 
 [issue0605]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2006-secure-design/05-content-security-policy

draft/06-secure-design/06-exception-error-handling.md

@@ -132,7 +132,7 @@ which can be used later on by the developer to get into the system without havin
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue0606] or a [pull request][pr] .
 
 [issue0606]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2006-secure-design/06-exception-error-handling

draft/06-secure-design/07-file-management.md

@@ -56,7 +56,7 @@ order: 607
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue0607] or a [pull request][pr] .
 
 [issue0607]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2006-secure-design/07-file-management

draft/06-secure-design/08-memory-management.md

@@ -30,7 +30,7 @@ order: 608
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue0608] or a [pull request][pr] .
 
 [issue0608]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2006-secure-design/08-memory-management

draft/07-container-security/02-image-security.md

@@ -130,7 +130,7 @@ Image security, host security, client security, daemon security, runtime securit
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue0702] or a [pull request][pr] .
 
 [issue0702]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2007-container-security/02-image-security

draft/08-open-source-software/01-open-source-software.md

@@ -106,7 +106,7 @@ We realise it could be challenging, but if feasible, maintain a list of approved
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue0801] or a [pull request][pr] .
 
 [issue0801]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2008-open-source-software/01-open-source-software

draft/09-secure-environment/02-system-hardening.md

@@ -55,7 +55,7 @@ order: 902
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue0902] or a [pull request][pr] .
 
 [issue0902]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2009-secure-environment/02-system-hardening

draft/20-proactive-control-checklist/00-toc.md

@@ -21,15 +21,15 @@ The Introduction will contain more detail and the further sections will expand o
 Sections:
 
 20.1 [Introduction](#owasp-top-ten-proactive-controls-introduction)  
-20.2 [C1: Define Security Requirements](#c1-define-security-requirements)  
-20.3 [C2: Leverage Security Frameworks and Libraries](#c2-leverage-security-frameworks-and-libraries)  
-20.4 [C3: Secure Database Access](#c3-secure-database-access)  
-20.5 [C4: Encode and Escape Data](#c4-encode-and-escape-data)  
-20.6 [C5: Validate All Inputs](#c5-validate-all-inputs)  
-20.7 [C6: Implement Digital Identity](#c6-implement-digital-identity)  
-20.8 [C7: Enforce Access Controls](#c7-enforce-access-controls)  
-20.9 [C8: Protect Data Everywhere](#c8-protect-data-everywhere)  
-20.10 [C9: Implement Security Logging and Monitoring](#c9-implement-security-logging-and-monitoring)  
-20.11 [C10: Handle all Errors and Exceptions](#c10-handle-all-errors-and-exceptions)  
+20.2 [Checklist: Define Security Requirements](#checklist-define-security-requirements)  
+20.3 [Checklist: Leverage Security Frameworks and Libraries](#checklist-leverage-security-frameworks-and-libraries)  
+20.4 [Checklist: Secure Database Access](#checklist-secure-database-access)  
+20.5 [Checklist: Encode and Escape Data](#checklist-encode-and-escape-data)  
+20.6 [Checklist: Validate All Inputs](#checklist-validate-all-inputs)  
+20.7 [Checklist: Implement Digital Identity](#checklist-implement-digital-identity)  
+20.8 [Checklist: Enforce Access Controls](#checklist-enforce-access-controls)  
+20.9 [Checklist: Protect Data Everywhere](#checklist-protect-data-everywhere)  
+20.10 [Checklist: Implement Security Logging and Monitoring](#checklist-implement-security-logging-and-monitoring)  
+20.11 [Checklist: Handle all Errors and Exceptions](#checklist-handle-all-errors-and-exceptions)  
 
 \newpage

draft/20-proactive-control-checklist/02-define-security-requirements.md

@@ -1,6 +1,6 @@
 ---
 
-title: Control 1 Define Security Requirements
+title: Define Security Requirements Checklist
 layout: col-document
 tags: OWASP Developer Guide
 contributors:
@@ -11,7 +11,7 @@ order: 2002
 
 {% include breadcrumb.html %}
 
-### 20.2 C1: Define Security Requirements
+### 20.2 Checklist: Define Security Requirements
 
 ![Developer Guide](../assets/images/dg_wip.png "OWASP Developer Guide"){: height="220px" }
 

draft/20-proactive-control-checklist/03-frameworks-libraries.md

@@ -1,6 +1,6 @@
 ---
 
-title: Control 2 Leverage Security Frameworks and Libraries
+title: Leverage Security Frameworks and Libraries Checklist
 layout: col-document
 tags: OWASP Developer Guide
 contributors:
@@ -11,7 +11,7 @@ order: 2003
 
 {% include breadcrumb.html %}
 
-### 20.3 C2: Leverage Security Frameworks and Libraries
+### 20.3 Checklist: Leverage Security Frameworks and Libraries
 
 ![Developer Guide](../assets/images/dg_wip.png "OWASP Developer Guide"){: height="220px" }
 

draft/20-proactive-control-checklist/04-secure-database-access.md

@@ -1,6 +1,6 @@
 ---
 
-title: Control 3 Secure Database Access
+title: Secure Database Access Checklist
 layout: col-document
 tags: OWASP Developer Guide
 contributors:
@@ -11,7 +11,7 @@ order: 2004
 
 {% include breadcrumb.html %}
 
-### 20.4 C3: Secure Database Access
+### 20.4 Checklist: Secure Database Access
 
 ![Developer Guide](../assets/images/dg_wip.png "OWASP Developer Guide"){: height="220px" }
 

draft/20-proactive-control-checklist/05-encode-escape-data.md

@@ -1,6 +1,6 @@
 ---
 
-title: Control 4 Encode and Escape Data
+title: Encode and Escape Data Checklist
 layout: col-document
 tags: OWASP Developer Guide
 contributors:
@@ -11,11 +11,12 @@ order: 2005
 
 {% include breadcrumb.html %}
 
-### 20.5 C4: Encode and Escape Data
+### 20.5 Checklist: Encode and Escape Data
 
 Encoding and escaping of output data are defensive techniques meant to stop injection attacks
 on a target system or application which is receiving the output data.
-Refer to proactive control '[Encode and Escape Data][control4]' in the 'OWASP Top 10 Proactive Controls' project.
+Refer to proactive control '[C4: Encode and Escape Data][control4]'
+for more context from the 'OWASP Top 10 Proactive Controls' project.
 
 The target system may be another software component or it may be reflected back to the initial system,
 such as operating system commands,
@@ -47,14 +48,14 @@ The specific methods vary depending on the way the output data is used, such as
 
 ----
 
-The OWASP Developer Guide is a community effort; if you see something that needs changing
+The OWASP Developer Guide is a community effort; if there is something that needs changing
 then [submit an issue][issue2005] or a [pull request][pr].
 
 [control4]: https://owasp.org/www-project-proactive-controls/v3/en/c4-encode-escape-data
 [encoder]: https://www.owasp.org/index.php/OWASP_Java_Encoder_Project
 [ipcs]: https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_Cheat_Sheet.html
 [issue2005]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=enhancement&template=request.md&title=Update:%2020-proactive-control-checklist/05-encode-escape-data
 [pr]: https://github.com/OWASP/www-project-developer-guide/pulls
-[proactive10]: https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs
+[proactive10]: https://owasp.org/www-project-proactive-controls/
 
 \newpage