A few suggested improvements:
Update to use OWASP Top 10 2017 https://www.owasp.org/index.php/Top_10-2017_Top_10
Incorporate OWASP Top 10 Proactive controls https://www.owasp.org/index.php/OWASP_Proactive_Controls
XSS Section refers only to stored XSS. Describe reflected XSS as well. Describe DOM-based XSS and mitigations.
Provide some examples of Security Misconfiguration
Provide advice on how to keep software patched for security flaws
The post says "Use HTTPS if you can". HTTPS is not optional for web security.