OWASP
From Wikipedia, the free encyclopedia
The Open Web Application Security Project (OWASP) is an open-source project dedicated to finding and fighting the causes of insecure software. The OWASP Foundation is a 501(c)(3) charitable organization that supports and manages OWASP projects and infrastructure. The OWASP community includes corporations, educational organizations, and individuals from around the world, forming an application security community that creates articles, methodologies, documentation, tools, and technologies that are freely available for anyone to use.
OWASP is a new type of entity in the security market. Its independence from organizational pressures may make it easier for OWASP to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although it supports the informed use of security technology. OWASP advocates approaching application security by considering the people, process, and technology dimensions of the challenge.
OWASP's most successful documents include the book-length OWASP Guide and the widely adopted OWASP Top 10 awareness document. The most widely used OWASP tools include the training environment WebGoat, the penetration testing proxy WebScarab, and the OWASP .NET tools. OWASP has over 75 local chapters around the world and thousands of participants on its project mailing lists. OWASP organizes the AppSec series of conferences to further build the application security community.
Projects
OWASP projects are broadly divided into two main categories: development projects and documentation projects. Its documentation projects currently consist of:
- The Guide – A document that provides detailed guidance on web application security
- Top Ten Most Critical Web Application Vulnerabilities – A high-level document to help focus on the most critical issues
- Metrics – A project to define workable web application security metrics
- Legal – A project to help software buyers and sellers negotiate appropriate security in their contracts
- Testing Guide – A guide focused on effective web application security testing
- ISO 17799 – Supporting documents for organizations performing ISO 17799 reviews
- AppSec FAQ – Frequently asked questions and answers about application security
Development projects include:
- WebScarab – A web application vulnerability assessment suite, including proxy tools
- Validation Filters – (Stinger for J2EE, filters for PHP) generic security boundary filters that developers can use in their own applications
- WebGoat – An interactive training and benchmarking tool in which users can learn about web application security in a safe and legal environment
- DotNet – A variety of tools for securing .NET environments
History
OWASP was started in 2000. The OWASP Foundation, a 501(c)(3) organization, was established in 2004 and supports the OWASP infrastructure and projects. OWASP is not about individual recognition but about community knowledge sharing. The OWASP Leaders are responsible for making decisions about technical direction, project priorities, schedules, and releases. Collectively, the OWASP Leaders can be thought of as the management of the OWASP Foundation.
OWASP depends on sponsorship and on corporate and individual membership dues for all of its expenses.