What is OWASP?

At its most basic, OWASP stands for Open Web Application Security Project. Many people that I work with or do business with have never heard of this organization. Part of the reason is that OWASP is an open worldwide community of security professionals, and I do not think there are many security professionals who are also good, solid marketing professionals. This may be one reason that it lives in relative obscurity.

If you are a developer, a test professional, or work in the IT security industry, then you should know about OWASP: what it can help you accomplish, and how it can help you avoid or identify common security issues in code.

Why is OWASP relevant? There are many good security things that OWASP does, but I am going to focus on the top three things that I feel make OWASP relevant.

  1. OWASP Top 10 Project – Every few years OWASP publishes a top 10 list of vulnerabilities. These top 10 vulnerabilities are vetted by the members and contributing organizations and are actual real-world issues. There are hundreds of vulnerabilities, but these are the worst of the worst; there should be no instances of these vulnerabilities in code.
  2. OWASP Zed Attack Proxy (ZAP) – This product is the most popular free security tool out there. It is used to find and report security vulnerabilities in web-based software. OWASP and a large group of volunteers maintain the code and the vulnerability list.
  3. OWASP Cheat Sheet Series – This is currently a group of 9 quick lists describing how to set up specific processes. Examples are how to use secure session management, how to set up adequate logging, etc.

There are local OWASP chapters in most major cities. Take a look to see if one is near you.

The OWASP Core Values

OPEN – Everything at OWASP is radically transparent, from our finances to our code.

INNOVATION – OWASP encourages and supports innovation and experiments for solutions to software security challenges.

GLOBAL – Anyone around the world is encouraged to participate in the OWASP community.

INTEGRITY – OWASP is an honest and truthful, vendor-neutral, global community.

Lance Caven is a former member of the OWASP organization. Currently there is no local OWASP chapter in Northern Minnesota/Northwestern Wisconsin.