OWASP

  1. Home
  2. Wiki
OWASP
Founded2001[1]
FoundersMark Curphey[1]
Type501(c)(3) nonprofit organization
PurposeWeb security, application security, vulnerability assessment
MethodIndustry standards, conferences, workshops
Membershipapprox. 13,000 volunteers (2017)[4]
Key people
Andrew van der Stock, Executive Director; Kelly Santalucia, Director of Events and Corporate Support; Harold Blankenship, Director of Technology and Projects; Jason C. McDonald, Director of Community Development; Dawn Aitken, Operations Manager; Lauren Thomas, Event Coordinator[2]
RevenueDecrease $2.3 million (2017)[3]
Websiteowasp.org

OWASP, the Open Worldwide Application Security Project (formerly Open Web Application Security Project), is an online community that publishes open-source information and resources on IoT, system software and web application security.[5] It is led by a non-profit called The OWASP Foundation.

History

[edit]

Mark Curphey started OWASP on September 9, 2001.[1] Jeff Williams served as the volunteer Chair of OWASP from late 2003 until September 2011. As of 2015, Matt Konda chaired the Board.[6] The OWASP Foundation, a 501(c)(3) non-profit organization in the US established in 2004, supports the OWASP infrastructure and projects. Since 2011, OWASP is also registered as a non-profit organization in Belgium under the name of OWASP Europe VZW.[7] In February 2023, it was reported by Bil Corry, a OWASP Foundation Global Board of Directors officer,[8] on Twitter that the board had voted for renaming from the Open Web Application Security Project to its current name, replacing Web with Worldwide.[9]

Resources

[edit]

Tools

[edit]
  • OWASP ZAP: a penetration testing tool.
  • Webgoat: a deliberately insecure web application created by OWASP as a guide for secure programming practices.[1]

Publications

[edit]

Models and standards

[edit]
  • OWASP Software Assurance Maturity Model[19]
  • OWASP Application Security Verification Standard (ASVS): A standard for performing application-level security verifications.[20]

Other projects

[edit]
  • OWASP XML Security Gateway (XSG) Evaluation Criteria Project.[21]
  • OWASP AppSec Pipeline[22]
  • OWASP Automated Threats to Web Applications[23][24]
  • OWASP API Security Project[25]
  • OWASP AI Maturity Assessment Project (AIMA)[26]

Certifications

[edit]

They also several certification schemes.[27][28][29]

Awards

[edit]

The OWASP organization received the 2014 Haymarket Media Group SC Magazine Editor's Choice award.[30][31]

See also

[edit]

References

[edit]
  1. ^ a b c d Huseby, Sverre (2004). Innocent Code: A Security Wake-Up Call for Web Programmers. Wiley. p. 203. ISBN 0470857447.
  2. ^ "OWASP Foundation Staff". OWASP. February 12, 2023. Retrieved May 3, 2022.
  3. ^ "OWASP FOUNDATION INC". Nonprofit Explorer. ProPublica. May 9, 2013. Retrieved January 8, 2020.
  4. ^ "OWASP Foundation's Form 990 for fiscal year ending Dec. 2017". October 26, 2018. Retrieved January 8, 2020 – via ProPublica Nonprofit Explorer.
  5. ^ "OWASP Internet of Things". Retrieved December 26, 2023.
  6. ^ "Board". OWASP. Archived from the original on September 16, 2017. Retrieved February 27, 2015.
  7. ^ "OWASP Europe". OWASP. Archived from the original on April 17, 2016. Retrieved July 7, 2024.
  8. ^ "Global Board". owasp.org. Archived from the original on April 29, 2024. Retrieved July 7, 2024.
  9. ^ Corry, Bil [@bilcorry] (February 25, 2023). "A change you might notice about @owasp , the Board voted to change the "W" from "Web" to "Worldwide", making it the "Open Worldwide Application Security Project"" (Tweet). Retrieved July 7, 2024 – via Twitter.
  10. ^ "OWASP Top Ten". owasp.org. Archived from the original on July 6, 2024. Retrieved July 7, 2024.
  11. ^ Trevathan, Matt (October 1, 2015). "Seven Best Practices for Internet of Things". Database and Network Journal. Archived from the original on November 28, 2015.
  12. ^ Crosman, Penny (July 24, 2015). "Leaky Bank Websites Let Clickjacking, Other Threats Seep In". American Banker. Archived from the original on November 28, 2015.
  13. ^ Pauli, Darren (December 4, 2015). "Infosec bods rate app languages; find Java 'king', put PHP in bin". The Register. Retrieved December 4, 2015.
  14. ^ "OWASP top 10 vulnerabilities". developerWorks. IBM. April 20, 2015. Retrieved November 28, 2015.
  15. ^ "Payment Card Industry (PCI) Data Security Standard" (PDF). PCI Security Standards Council. November 2013. p. 55. Retrieved December 3, 2015.
  16. ^ "Open Web Application Security Project Top 10 (OWASP Top 10)". Knowledge Database. Synopsys. Synopsys, Inc. 2017. Retrieved July 20, 2017. Many entities including the PCI Security Standards Council, National Institute of Standards and Technology (NIST), and the Federal Trade Commission (FTC) regularly reference the OWASP Top 10 as an integral guide for mitigating Web application vulnerabilities and meeting compliance initiatives.
  17. ^ "Authorization remains #1 issue – OWASP 2023 Top 10 List". Cerbos. Retrieved September 2, 2024.
  18. ^ "OWASP Incident Response Project – OWASP". Archived from the original on April 6, 2019. Retrieved December 12, 2015.
  19. ^ "What is OWASP SAMM?". OWASP SAMM. Retrieved November 6, 2022.
  20. ^ Baar, Hans; Smulters, Andre; Hintzbergen, Juls; Hintzbergen, Kees (2015). Foundations of Information Security Based on ISO27001 and ISO27002 (3 ed.). Van Haren. p. 144. ISBN 9789401800129.
  21. ^ "Category:OWASP XML Security Gateway Evaluation Criteria Project Latest". Owasp.org. Archived from the original on November 3, 2014. Retrieved November 3, 2014.
  22. ^ "OWASP AppSec Pipeline". Open Web Application Security Project (OWASP). Archived from the original on January 18, 2020. Retrieved February 26, 2017.
  23. ^ "AUTOMATED THREATS to Web applications" (PDF). OWASP. July 2015.
  24. ^ "OWASP Automated Threats to Web Applications". owasp.org. Archived from the original on June 29, 2024. Retrieved July 7, 2024.
  25. ^ "OWASP API Security Project – OWASP Foundation". OWASP.
  26. ^ "OWASP AI Maturity Assessment Project – OWASP Foundation". OWASP.
  27. ^ "qa.com | Certified OWASP Security Fundamentals (QAOWASPF)". www.qa.com. Retrieved October 25, 2024.
  28. ^ "A01 Broken Access Control – OWASP Top 10:2021". owasp.org. Retrieved October 25, 2024.
  29. ^ "A02 Cryptographic Failures – OWASP Top 10:2021". owasp.org. Retrieved October 25, 2024.
  30. ^ "SC Magazine Awards 2014" (PDF). Media.scmagazine.com. Archived from the original (PDF) on September 22, 2014. Retrieved November 3, 2014.
  31. ^ "Winners | SC Magazine Awards". Awards.scmagazine.com. Archived from the original on August 20, 2014. Retrieved July 17, 2014. Editor's Choice [...] Winner: OWASP Foundation
[edit]