OWASP

The Open Web Application Security Project (OWASP) is a non-profit organization with a mission to improve the security of applications and services on the World Wide Web. By creating transparency, end users and organizations should be able to make informed decisions about real security risks in software.

Companies, educational institutions and individuals from all over the world are involved in the OWASP community. Within the community, freely available information materials, methods, tools and technologies are developed.

OWASP is not affiliated with technology companies, although it supports the thoughtful use of security technology. Such affiliations are avoided in order to remain free of organizational constraints. This makes it easier to provide unbiased, practical and cost-effective information on application security.

OWASP's approach to achieving information security takes into account the dimensions of participants, processes and technology.

Projects

The OWASP projects are largely divided into two main categories: development and documentation projects.

The documentation projects currently consist of:

  • OWASP Application Security Verification Standard (ASVS) - a standard for performing security verification at the application level.
  • The Guide - This document contains detailed recommendations for web application security.
  • Top Ten Most * DotNet - a variety of tools to secure .NET environments.
  • Enigform - a set of example client- and server-side applications that implement OpenPGP features (including encryption and signing) in HTTP.
  • ESAPI - OWASP Enterprise Security API (ESAPI) Project - a free and open collection of methods that are needed to create secure web applications.
  • AntiSamy - a tool for validating web input and encoding the resulting output.
  • XSSer - an automatic system to detect, exploit and report cross-site scripting vulnerabilities in web applications.
  • WebGoat - a deliberately insecure web application, produced by OWASP as a guide to secure programming practices.
  • WebScarab - an HTTP and HTTPS proxy server that can be used to examine and modify the contents of data packets and to interrupt their transmission. This gives the user a better understanding of what information is transmitted by the web server, and can be used to uncover potential vulnerabilities.
  • OWASP Mantra Security Framework - a collection of hacking tools, extensions and scripts based on Mozilla Firefox.

Organization

OWASP has five employees and very low expenses, which are covered by conferences, sponsorship and banner advertising. It awards thousands of dollars a year in grants for promising application security research projects.
