All About OWASP Application Security

OWASP, the Open Web Application Security Project, was started by Mark Curphey on September 9, 2001. It is an online community that freely makes available articles, tools, documentation, methodologies, and expertise in the web application security domain. Because it operates as a non-profit body, it can provide unbiased, practical information about application security. Since its inception, individuals, organizations, corporations and even governmental agencies have come to rely on OWASP publications. In 2014, OWASP received the SC Magazine Editor’s Choice award.

Publications/Resources

OWASP Top Ten – First published in 2003, the OWASP Top 10 is updated on a regular basis. The aim of this publication is to raise awareness of the key risks organizations face in application security. Many books, tools, standards, and organizations, including PCI DSS, MITRE, the US Federal Trade Commission (FTC), and others, reference the Top Ten.

OWASP SAMM [Software Assurance Maturity Model] – This project was born out of the need for a reliable framework that helps organizations derive and implement application security strategies tailored to their own business risks.

OWASP’s Development Guide – As the name suggests, this guide provides guidance and resources, including code samples in J2EE, ASP.NET, and PHP, to support security-focused software development. It addresses a wide range of issues commonly found in application security, such as SQL injection, phishing, privacy issues, session fixation and much more.

OWASP Testing Guide – In the application security domain, testing guides and frameworks are as important as development guidelines. This resource therefore provides a best-practice-based penetration testing framework that organizations can use to test application security. It also includes a low-level penetration testing guide describing the common techniques used to test for the most frequent web application security issues.

OWASP Application Security Verification Standard (ASVS) – Published in 2008, this was the first open standard released by OWASP. It defines a standard for performing rigorous application-level security verification across a number of web-based technologies.

OWASP Top Ten Incident Response Guidance – A wide variety of people, ranging from security engineers, developers and program managers to law enforcement and legal counsel, refer to this OWASP publication as a guide for planning a proactive approach to incident response.

This project delivers a proactive method for developing incident response. The intended audience of this document is business owners, security engineers, audit managers, program managers, developers, law enforcement and legal counsel.

Other Projects and Resources

Apart from what is mentioned above, OWASP has many other resources and projects that aid the community of people working on application security. The OWASP XML Security Gateway (XSG) Evaluation Criteria Project, the OWASP ZAP Project, the OWASP Code Review Guide, WebGoat, and OWASP AppSec Pipeline are just a few examples. OWASP also runs many workshops and conferences in the application security domain to keep the momentum going.
