The Open Web Application Security Project (OWASP) is an open source project.
The OWASP community includes corporations, educational organizations, and individuals from all over the world. The community is working on creating freely accessible articles, manuals, documentation, tools and technologies.
The OWASP Foundation is a charity that supports and manages OWASP projects and infrastructure. In addition, the Foundation has been registered as a non-profit organization in Europe since June 2011.
OWASP is not affiliated with any technology company, but it supports the informed use of security technologies. The project avoids affiliation because it believes that freedom from the influence of other organizations makes it easier to provide unbiased, useful and cost-effective information about application security.
OWASP community members work to make applications more secure, taking into account both the human factor and the technology involved.
The most requested documents published by OWASP include the OWASP Guide [1], the OWASP Code Review Guide [2] and the widely used OWASP Top 10 Project [3].
The most common OWASP tools are the training environment [4], the WebScarab proxy analyzer [5] and the .NET tools [6]. OWASP consists of approximately 190 local chapters [7] located around the world and thousands of participants on the project mailing lists.
OWASP organized a series of AppSec conferences [8] to further build the application security community.
OWASP creates standards, the first of which was published under the name OWASP Application Security Verification Standard (ASVS). [9] The main goal of OWASP ASVS is to standardize the range of coverage and level of rigor available in the market for application security verification. OWASP ASVS also aims to create a set of commercially workable open standards tailored to specific web technologies. An edition for Web Applications has already been published. An edition for Web Services is under development.
Projects
An OWASP project is a set of related tasks with a specific development plan and development team.
OWASP project leaders are responsible for defining the vision, roadmap and objectives of the project; they are also involved in project promotion and recruitment. Currently, there are more than 130 active OWASP projects, and the number of these projects is growing weekly. Projects are one of the most popular divisions of OWASP, as they give activists the opportunity to freely test various theories and ideas with professional support from the OWASP community.
Everything created by OWASP (tools, documentation, and code libraries) is divided into the following categories:
- Protect: tools and documentation that can be used to defend against attacks and the exploitation of system weaknesses.
- Detect: tools and documentation that can be used to detect attacks and system failures.
- Life cycle: tools and documentation that can be used to add security-related work to the software life cycle.
Some of the OWASP Projects
- OWASP Application Security Verification Standard (ASVS): The standard for conducting security checks of applications.
- OWASP Development Guide: Provides practical advice and code examples for J2EE, ASP.NET, and PHP. Substantially revised in 2014, the Development Guide covers an extensive array of security issues for the application tier, from SQL injection to advanced issues such as phishing, credit card processing, session fixation, cross-site request forgery, compliance and privacy.
- OWASP Testing Guide: Includes a “best practice” penetration testing framework that users can apply in their organizations and a “low-level” penetration testing guide that describes testing techniques for the most common security issues in web applications and web services.
- OWASP Code Review Guide: Version 1.1 is the second-largest print publication released by OWASP in 2008. Version 1.0 had already gathered many positive reviews and became one of the key products that allow OWASP to deal with software security problems.
- OWASP ZAP Project: Zed Attack Proxy is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed for use by people with various security backgrounds and is the benchmark for developers and functional testers who have no experience in penetration testing.
- OWASP Top 10: The goal of the Top 10 project is to increase awareness of application security by identifying the most critical risks that threaten organizations. The Top 10 project is referenced by many standards, tools and organizations, including MITRE, PCI DSS, DISA, FTC, and many others.
- OWASP Software Assurance Maturity Model: This project seeks to create a useful framework to help organizations formulate and implement application security strategies, taking into account the specific business risks that the organization faces.
- WebGoat: A deliberately insecure web application created by OWASP as a guide to writing secure code. A tutorial and a set of different courses are supplied with the application, showing students how to use vulnerability information to write secure code.
- OWASP Mantra Security Framework: A collection of hacking tools, extensions, and scripts based on Mozilla Firefox.
- Many other security tools and applications are available in the OWASP project structure.
History
OWASP was founded on September 9, 2001 by Mark Curphey and Dennis Groves. Jeff Williams served as the volunteer chairman of OWASP from the end of 2003 until September 2011. The current chairman is Michael Coates, and the vice chairman is Eoin Keary. The OWASP Foundation, a 501(c)(3) organization in the United States, was established in 2004 and supports OWASP projects and infrastructure. OWASP serves the dissemination of knowledge, not the personal goals of its leaders.
OWASP leaders are responsible for making technical management decisions, project priorities, schedules, and product releases.
In general, OWASP leaders can be perceived as the management of the OWASP Foundation.
OWASP officially employs 8 people, so the project has extremely low costs, which are covered by conferences, corporate sponsors and advertising. OWASP annually awards grants to corporate and individual members for the development of promising security applications.
Since 2011, OWASP has been registered as a non-profit organization in Belgium under the name OWASP Europe VZW.
Awards
- 2014 - Awards [10].
See also
- Computer security
- Kali Linux
- Security bug
Notes
- [1] OWASP Guide Project - OWASP
- [2] Category: OWASP Code Review Project - OWASP
- [3] OWASP Top Ten Project - OWASP, http://www.owasp.org/index.php/OWASP_Top_Ten_Project
- [4] OWASP WebGoat Project - WebGoat, http://www.owasp.org/index.php/OWASP_WebGoat_Project
- [5] Category: OWASP WebScarab Project - OWASP
- [6] Category: OWASP .NET Project - OWASP, http://www.owasp.org/index.php/Category:OWASP_.NET_Project
- [7] OWASP Chapter - OWASP
- [8] Category: OWASP AppSec Conference - OWASP
- [9] Category: OWASP Application Security Verification Standard Project - OWASP
- [10] Winners | SC Magazine Awards