This project is helpful as basic reference material when performing such activities as threat modeling, security architecture review, security testing, code review, and metrics. We intend to... More > encourage understanding and consistency when discussing these basic foundational elements of application security. Security only works if people can make informed decisions about risk. The ASDR provides that basic information to help ensure all stakeholders are involved.
For more information please check the OWASP Foundation's website - OWASP Application Security Desk Reference (ASDR) Project.< Less
The OWASP Testing Guide (2009 Version 3.0) includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level"... More > penetration testing guide that describes techniques for testing most common web application and web service security issues.
OWASP Testing Guide v3 is a 349 page book; we have split the set of active tests in 9 sub-categories for a total of 66 controls to test during the Web Application Testing activity.
For more information, please check out the project home page at OWASP Testing Guide V3.0 Project.< Less
The OWASP Application Security Codes of Conduct set out to define a set of minimal requirements for other organizations specifying the most effective ways they could support OWASP's mission. There... More > are six codes - for Government Bodies, for Educational Institutions, for Standards Groups, for Trade Organizations, for Certifying Bodies and for Development Organizations.< Less
The Code Review Guide is currently at release version 1.1 and the second best selling OWASP book in 2008. Many positive comments have been feedback regarding this initial version and believe... More > it’s a key enabler for the OWASP fight against software insecurity. It has even inspired individuals to build tools based on its information. The combination of a book on secure code review and tools to support such an activity is very powerful as it gives the developer community a place to start regarding secure application development.
Going forward I hope to further integrate with the ASVS and other guides such as the testing and ASDR guides shall be perfromed for version 2.0.
For more information, please check out the project home page at OWASP Code Review Guide V1.1.< Less
This project aims to improve and to collect the existent information about the backend security. The project is composed by three sections (security development, security hardening and security... More > testing). The aim is to define the guidelines for the companies and IT professionals working in the security field into processes development and back-end components management/testing in the enterprise architecture.
For more information, please check out the project home page at OWASP Backend Security Project.< Less
[Note: black & white report]
At the OWASP Summit 2011, over 150 application security experts from over 120 companies and 30 different countries joined forces to plan, build, and execute programs... More > to improve the security of the world’s software applications. The Summit was a significant step towards OWASP’s mission to ensure all types of organizations are empowered to build, select, and use software applications securely. This Post-Summit Report covers the outcomes of the 2011 working sessions and includes artifacts such as the 2011 Browser Security Report, OWASP Security Codes of Conduct, DOM based XSS Prevention Cheat Sheet, and the revised OWASP Foundation Bylaws. Also, this Report covers background information on previous OWASP Summits, as well as Summit 2011 operational and budget details. More information can be found at: https://www.owasp.org/index.php/Summit_2011_Outcomes< Less