OWASP


Founded 2001[1]
Founder Mark Curphey[1]
Type 501(c)(3) Nonprofit organization
Focus Web Security, Application Security, Vulnerability Assessment
Method Industry standards, Conferences, Workshops
Key people Tobias Gondrom, Chairman; Josh Sokol, Vice-Chairman; Fabio Cerullo, Treasurer; Matt Konda, Secretary; Andrew van der Stock; Michael Coates; Jim Manico; Paul Ritchie, Executive Director; Kate Hartmann, Operations Director; Kelly Santalucia, Membership and Business Liaison; Alison McNamee, Accounting; Laura Grau, Event Manager; Noreen Whysel, Community Manager; Claudia Cassanovas, Project Coordinator
Volunteers 42,000+
Website www.owasp.org

The Open Web Application Security Project (OWASP) is an online community that creates freely available articles, methodologies, documentation, tools, and technologies in the field of web application security.[2][3]

History

OWASP was started on September 9, 2001 by Mark Curphey.[1][4] Jeff Williams served as the volunteer Chair of OWASP from late 2003 until September 2011. The current chair is Tobias Gondrom and the vice chair is Josh Sokol.[5]

The OWASP Foundation, a 501(c)(3) non-profit organization (in the USA), was established in 2004 and supports the OWASP infrastructure and projects. Since 2011, OWASP has also been registered as a non-profit organization in Belgium under the name of OWASP Europe VZW.[citation needed]

Publications and resources

  • OWASP Top Ten: The Top Ten was first published in 2003 and is regularly updated.[6] Its goal is to raise awareness about application security by identifying some of the most critical risks facing organizations.[7][8][9] The Top 10 project is referenced by many standards, books, tools, and organizations, including MITRE, PCI DSS,[10] Defense Information Systems Agency, FTC, and many more.
  • OWASP Software Assurance Maturity Model: The Software Assurance Maturity Model (SAMM) project is committed to building a usable framework to help organizations formulate and implement a strategy for application security that is tailored to the specific business risks facing the organization.
  • OWASP Development Guide: The Development Guide provides practical guidance and includes J2EE, ASP.NET, and PHP code samples. The Development Guide covers an extensive array of application-level security issues, from SQL injection through modern concerns such as phishing, credit card handling, session fixation, cross-site request forgeries, compliance, and privacy issues.
  • OWASP Testing Guide: The OWASP Testing Guide includes a "best practice" penetration testing framework that users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues. Version 4 was published in September 2014, with input from 60 individuals.[11]
  • OWASP Code Review Guide: The Code Review Guide is currently at release version 1.1 and was the second best-selling OWASP book in 2008.
  • OWASP Application Security Verification Standard (ASVS): A standard for performing application-level security verifications.[12]
  • OWASP XML Security Gateway (XSG) Evaluation Criteria Project.[13]
  • OWASP Top 10 Incident Response Guidance: This project provides a proactive approach to incident response planning. The intended audience of this document ranges from business owners to security engineers, developers, audit, program managers, law enforcement and legal counsel.[14]
  • OWASP ZAP Project: The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience, including developers and functional testers who are new to penetration testing.
  • WebGoat: a deliberately insecure web application created by OWASP as a guide for secure programming practices.[1] Once downloaded, the application comes with a tutorial and a set of different lessons that instruct students how to exploit vulnerabilities with the intention of teaching them how to write code securely.

Awards

The OWASP organization received the 2014 SC Magazine Editor's Choice award.[15][3]

References

  1.
  2.
  3.
  4.
  5. Board. OWASP. Retrieved on 2015-02-27.
  6. OWASP Top Ten Project on owasp.org
  7.
  8.
  9.
  10.
  11.
  12.
  13.
  14. https://www.owasp.org/index.php/OWASP_Incident_Response_Project
  15.