OWASP

The Open Web Application Security Project (OWASP) is an open-source application security project. The OWASP community includes corporations, educational organizations, and individuals from around the world. This community works to create freely-available articles, methodologies, documentation, tools, and technologies. The OWASP Foundation is a 501(c)(3) charitable organization that supports and manages OWASP projects and infrastructure. It is also a registered non profit in Europe since June 2011.

OWASP is not affiliated with any technology company, although it supports the informed use of security technology. OWASP has avoided affiliation as it believes freedom from organizational pressures may make it easier for it to provide unbiased, practical, cost-effective information about application security.[citation needed] OWASP advocates approaching application security by considering the people, process, and technology dimensions.

OWASP's most successful documents include the book-length OWASP Guide, the OWASP Code Review Guide, and the widely adopted OWASP Top 10 awareness document.[citation needed] The most widely used OWASP tools include their training environment WebGoat, their penetration testing proxy WebScarab, and their OWASP .NET tools. OWASP includes roughly 100 local chapters around the world and thousands of participants on the project mailing lists. OWASP has organized the AppSec series of conferences to further build the application security community.

OWASP is also an emerging standards body, with the publication of its first standard in December 2008, the OWASP Application Security Verification Standard (ASVS). The primary aim of the OWASP ASVS Project is to normalize the range of coverage and level of rigor available in the market when it comes to performing application-level security verification. The goal is to create a set of commercially-workable open standards that are tailored to specific web-based technologies. A Web Application Edition has been published. A Web Service Edition is under development.

Projects

OWASP projects are broadly divided into two main categories: development projects and documentation projects. Its documentation projects currently consist of:

  • OWASP Application Security Verification Standard (ASVS) – A standard for performing application-level security verifications.
  • The Guide – This document provides detailed guidance on web application security.
  • Top Ten – The OWASP Top 10 awareness document.
  • DotNet – A variety of tools for securing .NET environments.
  • Enigform – A set of proof-of-concept client- and server-side applications to implement OpenPGP features into HTTP, such as secure session management, request/response signing, and OpenPGP-encrypted HTTP.
  • ESAPI [1] – OWASP Enterprise Security API (ESAPI) Project – A free and open collection of security methods needed to build secure web applications.
  • AntiSamy – An enterprise web input validation and output encoding tool.
  • And many other application security tools.

History

OWASP was started on September 9, 2001 by Mark Curphey and Dennis Groves. From late 2003 until September 2011, Jeff Williams served as the volunteer Chair of OWASP. The current chair is Michael Coates, and the vice chair is Eoin Keary. The OWASP Foundation, a 501(c)(3) organization (in the USA), was established in 2004 and supports the OWASP infrastructure and projects. OWASP is not about individual recognition but community knowledge sharing. The OWASP Leaders are responsible for making decisions about technical direction, project priorities, schedule, and releases. Collectively, the OWASP Leaders can be thought of as the management of the OWASP Foundation.

OWASP has 3 employees and very low expenses, which are covered by conferences, corporate sponsors and banner advertisements. OWASP awards thousands of dollars each year from corporate and individual membership dues as grants to promising application security research projects.

Wikimedia Foundation. 2010.
