From dc0a87fabca6c6aff530fa855a9194e645223c58 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Mon, 29 Oct 2012 15:09:25 +0100
Subject: [PATCH] Add OWASP Top Ten

---
 developer_manual/security.rst | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/developer_manual/security.rst b/developer_manual/security.rst
index d38ed540b..e8419912f 100644
--- a/developer_manual/security.rst
+++ b/developer_manual/security.rst
@@ -12,7 +12,7 @@ Blacklisted PHP functionality
 **!=**
 Use !== instead
 **rand(), srand(), mt_rand()**
- If you need a cryptographical secure random number use OC_Util::generate_random_bytes() instead
+ If you need a cryptographical secure random string use OC_Util::generate_random_bytes() instead, the PHP provided functions are `not secure `_.
 
 CSRF protection
 -----------------------------
@@ -29,4 +29,8 @@ OC_Util::checkAdminUser() or OC_JSON::checkAdminUser()
 OC_Util::checkSubAdminUser() or OC_JSON::checkSubAdminUser()
 Checks if the user has subadmin rights
 
+Recommended reading
+-----------------------------
+The `OWASP Top Ten Project `_ provides good informations about the 10 most common security vulnerabilities in web applications.
+
 TBD
\ No newline at end of file