Open Web Application Security Project

from Wikipedia, the free encyclopedia

The Open Web Application Security Project (OWASP) is a non-profit organization that aims to improve the security of applications and services on the World Wide Web. By creating transparency, it seeks to enable end users and organizations to make informed decisions about real security risks in software.

Companies, educational institutions and individuals from all over the world are involved in the OWASP community. Within the community, freely available information materials, methods, tools and technologies are developed.

OWASP is not associated with technology companies, although it supports the judicious use of security technology. Such ties are avoided so that the organization remains free from organizational constraints. This makes it easier to provide unbiased, practical, and economical information about application security.

The OWASP pursues the approach of achieving information security while taking into account the participants, processes and dimensions of the technology.

Projects

The OWASP projects are largely divided into two main categories: development and documentation projects.

The documentation projects currently consist of:

OWASP Application Security Verification Standard (ASVS)
a standard for performing security verifications at the application level.
The Guide
This document contains detailed recommendations for action on web application security.
Top Ten Most *
DotNet
a variety of tools to secure .NET environments.
Enigform
a combination of exemplary end-device and server-side applications that implement OpenPGP functions (including encryption and signing) in HTTP.
OWASP Enterprise Security API (ESAPI) Project
a free and open collection of methods that are needed to create secure web applications.
AntiSamy
a tool for validating input on the web and encoding the result.
XSSer
an automatic system for the detection, exploitation and reporting of cross-site scripting vulnerabilities in web applications.
WebGoat
an intentionally insecure web application made by OWASP as a guide to safe programming practices.
WebScarab
an HTTP and HTTPS proxy server that can be used to inspect and change the contents of data packets and to interrupt their transmission. This gives the user a better understanding of what information is being transmitted by the web server and can be used to uncover possible vulnerabilities.
OWASP Mantra Security Framework
a collection of hacking tools, extensions and scripts based on Mozilla Firefox.

Organization

OWASP has five employees and very low expenses, which are covered by conferences, sponsorship and banner ads. Thousands of dollars in rewards are paid annually as grants for promising application security research projects.
