
Getting to Know OWASP

Fernando Guisso

Open Web Application Security Project

Open Community
#

OWASP is an open international community dedicated to helping organizations develop, acquire, and operate reliable applications. With tools, documents, forums, and chapters open and free for anyone interested in improving the security of their applications.

The project also maintains the OWASP Foundation, an international institution that supports the community’s long-term projects.

Values

OPEN: Everything is radically transparent, from finances to our code.

INNOVATION: Encourages and supports innovations and experiments to solve software security challenges.

GLOBAL: Anyone from around the world is encouraged to join the community.

INTEGRITY: It is an honest and truthful global community, vendor-neutral.

Projects

Now, let’s introduce some well-known OWASP projects. Remember that all of their content is freely available online and that you can also collaborate in their development.

OWASP Top 10

It is an awareness document for web application security that brings together the most critical web application security risks. For the vulnerabilities on the list, you can find out how to check whether your application is vulnerable to them, along with some countermeasures. Project link.

OWASP Zed Attack Proxy (ZAP)

ZAP is a popular vulnerability testing tool among security professionals and pentesters. It can help you find and address vulnerabilities in your web applications. Project link.

OWASP Offensive Web Testing Framework (OWTF)

OWTF is another tool that helps you search for vulnerabilities. It was created to automate these processes and make manual and repetitive testing less tedious. It provides direct support for NIST and PTES standards. Project link.

OWASP Juice Shop Project

As they like to say, it is probably the most modern and sophisticated insecure web application! Yes, that’s right, an insecure application for you to test and learn about the Top 10 vulnerabilities, with a whole learning support system, book, and tools to make learning easier. Project link.

These are just a few of the many projects. If you want to see all of them, take a look at the project repository. If you want to participate in a project, join the project’s GitHub or contact its Project Leader.