This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Commercial Services

From OWASP
Revision as of 14:51, 23 April 2010 by Deleted user (talk | contribs)

Jump to: navigation, search

This is a DRAFT page!!


Home



OWASP's mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. As a value-add to the website we have attempted to centralize OWASP project deliverable-based services for you in a single OWASP Commercial Services Registry. Examples of OWASP project deliverable-based services include: ASVS-based verification, ESAPI-based integration, SAMM-based process improvement, OWASP Guide-based training). Firms listed on the project tabs that are accessible from this page promote the development and consumption by industry and government of tools and techniques that are based on OWASP open standards, best practices and design patterns. To be listed in the OWASP Commercial Services Registry, you can find instructions here. You can also contact the project lead here.


OWASP does not endorse commercial products or services.

Asvs-ad-where-at.png

Let's talk here

Asvs-bulb.jpgxxxCommunities

Further development of ASVS occurs through mailing list discussions and occasional workshops, and suggestions for improvement are welcome. For more information, please contact us.

Got xxx?

Asvs-writing.JPGASVS Translation

The ASVS project is always on the lookout for volunteers who are interested in translating ASVS into another language.

Related resources

Asvs-satellite.jpgOWASP Resources


Verification


Commercial OWASP ASVS verification providers are listed below. Organizations listed are not accredited by OWASP. Neither their products nor services have been endorsed by OWASP. Organizations listed either use ASVS or will help you use it. Provider listings are required to include the following information: company name and link to corporate web site, company location and markets served, company area(s) of application technology expertise, ASVS verification levels offered; approach to performing verifications, and contact name and email. Listings are not allowed to exceed 100 words.



OWASP Member
Organization
Preferences.png

... another OWASP member organization...
Preferences.png

Acme Application Security Co. (1A ,1B)

Acme Application Security Co. is headquartered in Memphis, Tennessee. Acme Application Security Co. serves both enterprises and governments. Areas of expertise include web 2.0 social media technologies. Acme Application Security Co.'s approach to performing dynamic scans (1A) combines passive vulnerability scanning with manually testing areas of interest. Our approach to performing source code scans (1B) targets both application code and goes beyond ASVS Level 1A requirements to additionally scan any open source underlying frameworks and libraries that were modified or extended to create your application. All reports are tailored to meet organization requirements. Contact us for more information.

Last modified: April 14, 2010 - 8:36

This organization is not an OWASP member

... not an OWASP member organization...

This organization is not an OWASP member

[1]... not an OWASP member organization...



Integration


Commercial OWASP ESAPI integration providers are listed below. Organizations listed are not accredited by OWASP. Neither their products nor services have been endorsed by OWASP. Organizations listed either use ESAPI or will help you use it. Provider listings are required to include the following information: company name and link to corporate web site, company location and markets served, company area(s) of application technology expertise, ESAPI integration platforms offered; approach to performing integrations, and contact name and email. Listings are not allowed to exceed 100 words.



OWASP Member
Organization
Preferences.png

... another OWASP member organization...
Preferences.png

Acme Application Security Co. (ESAPI for .NET, ESAPI for Java)

Acme Application Security Co. is headquartered in Memphis, Tennessee. Acme Application Security Co. serves both enterprises and governments. Areas of expertise include web 2.0 social media technologies. Acme Application Security Co.'s approach to performing dynamic scans (1A) combines passive vulnerability scanning with manually testing areas of interest. Our approach to performing source code scans (1B) targets both application code and goes beyond ASVS Level 1A requirements to additionally scan any open source underlying frameworks and libraries that were modified or extended to create your application. All reports are tailored to meet organization requirements. Contact us for more information.

Last modified: April 14, 2010 - 8:36

This organization is not an OWASP member

... not an OWASP member organization...

This organization is not an OWASP member

[2]... not an OWASP member organization...



Process Improvement


Commercial OWASP SAMM process improvement providers are listed below. Organizations listed are not accredited by OWASP. Neither their products nor services have been endorsed by OWASP. Organizations listed either use SAMM or will help you use it. Provider listings are required to include the following information: company name and link to corporate web site, company location and markets served, company area(s) of application technology expertise, SAMM business function process improvement services offered; approach to performing process improvement, and contact name and email. Listings are not allowed to exceed 100 words.



OWASP Member
Organization
Preferences.png

... another OWASP member organization...
Preferences.png

Acme Application Security Co. (Construction, Verification)

Acme Application Security Co. is headquartered in Memphis, Tennessee. Acme Application Security Co. serves both enterprises and governments. Areas of expertise include web 2.0 social media technologies. Acme Application Security Co.'s approach to performing dynamic scans (1A) combines passive vulnerability scanning with manually testing areas of interest. Our approach to performing source code scans (1B) targets both application code and goes beyond ASVS Level 1A requirements to additionally scan any open source underlying frameworks and libraries that were modified or extended to create your application. All reports are tailored to meet organization requirements. Contact us for more information.

Last modified: April 14, 2010 - 8:36

This organization is not an OWASP member

... not an OWASP member organization...

This organization is not an OWASP member

[3]... not an OWASP member organization...



Training


Commercial OWASP Guide training providers are listed below. Organizations listed are not accredited by OWASP. Neither their products nor services have been endorsed by OWASP. Organizations listed either use OWASP Guides or will help you use them. Provider listings are required to include the following information: company name and link to corporate web site, company location and markets served, company area(s) of application technology expertise, OWASP Guide training offered; approach to performing training, and contact name and email. Listings are not allowed to exceed 100 words.



OWASP Member
Organization
Preferences.png

... another OWASP member organization...
Preferences.png

Acme Application Security Co. (Development, Code Review)

Acme Application Security Co. is headquartered in Memphis, Tennessee. Acme Application Security Co. serves both enterprises and governments. Areas of expertise include web 2.0 social media technologies. Acme Application Security Co.'s approach to performing dynamic scans (1A) combines passive vulnerability scanning with manually testing areas of interest. Our approach to performing source code scans (1B) targets both application code and goes beyond ASVS Level 1A requirements to additionally scan any open source underlying frameworks and libraries that were modified or extended to create your application. All reports are tailored to meet organization requirements. Contact us for more information.

Last modified: April 14, 2010 - 8:36

This organization is not an OWASP member

... not an OWASP member organization...

This organization is not an OWASP member

[4]... not an OWASP member organization...