Web Application Security

The Open Web Application Security Project (OWASP) is an open-source application security project. The OWASP community includes corporations, educational organizations, and individuals from around the world. This community works to create freely available articles, methodologies, documentation, tools, and technologies. The OWASP Foundation is the organization that supports and manages OWASP projects and infrastructure.

OWASP is not affiliated with any technology company, although it supports the informed use of security technology. OWASP has avoided affiliation because it believes that freedom from organizational pressures makes it easier to provide unbiased, practical, cost-effective information about application security. OWASP advocates approaching application security by considering the people, process, and technology dimensions.

OWASP projects are broadly divided into two main categories: development projects and documentation projects. Its documentation projects currently consist of:

  • The Guide – This document, which provides detailed guidance on web application security
  • Top Ten Most Critical Web Application Vulnerabilities – A high-level document to help focus on the most critical issues
  • Metrics – A project to define workable web application security metrics
  • Legal – A project to help software buyers and sellers negotiate appropriate security in their contracts
  • Testing Guide – A guide focused on effective web application security testing
  • ISO 17799 – Supporting documents for organizations performing ISO 17799 reviews

Development projects include:

  • WebScarab – a web application vulnerability assessment suite including proxy tools
  • Validation Filters – (Stinger for J2EE, filters for PHP) generic security boundary filters that developers can use in their own applications
  • WebGoat – an interactive training and benchmarking tool with which users can learn about web application security in a safe and legal environment
  • DotNet – a variety of tools for securing .NET environments
  • And many other application security tools
