This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "About The Open Web Application Security Project"

From OWASP

Revision as of 18:50, 18 May 2006

Guide Table of Contents

Welcome to the OWASP Guide 2.1! Web application security is an essential component of any successful project, whether open source PHP applications, web services such as straight through processing, or proprietary business web sites. Hosters (rightly) shun insecure code, and users shun insecure services that lead to fraud. The aim of this Guide is to allow businesses, developers, designers and solution architects to produce secure web applications. If done from the earliest stages, secure applications cost about the same to develop as insecure applications, but are far more cost effective in the long run.

Structure and Licensing

The OWASP Foundation is the not for profit (501c3) entity that provides the infrastructure for the OWASP community. The Foundation provides our servers and bandwidth, facilitates projects and chapters, and manages the worldwide OWASP Application Security Conferences. All OWASP materials are available under an approved open source license. If you opt to become an OWASP member organization, you can also use the commercial license that allows you to use, modify, and distribute all OWASP materials within your organization under a single license.

Participation and Membership

Everyone is welcome to participate in our forums, projects, chapters, and conferences. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. If you find the OWASP materials valuable, please consider supporting our cause by becoming an OWASP member. All monies received by the OWASP Foundation go directly into supporting OWASP projects.

Projects

OWASP projects are broadly divided into two main categories: development projects, and documentation projects. Our documentation projects currently consist of:

  • The Guide: This document, which provides detailed guidance on web application security
  • Top Ten Most Critical Web Application Vulnerabilities: A high-level document to help focus on the most critical issues
  • Metrics: A project to define workable web application security metrics
  • Legal: A project to help software buyers and sellers negotiate appropriate security in their contracts
  • Testing Guide: A guide focused on effective web application security testing
  • ISO17799: Supporting documents for organizations performing ISO17799 reviews
  • AppSec FAQ: Frequently asked questions and answers about application security

Development projects include:

  • WebScarab: A web application vulnerability assessment suite including proxy tools
  • Validation Filters (Stinger for J2EE, filters for PHP): Generic security boundary filters that developers can use in their own applications
  • WebGoat: An interactive training and benchmarking tool with which users can learn about web application security in a safe and legal environment
  • DotNet: A variety of tools for securing .NET environments

