Who are OWASP?

As part of Cybersecurity Awareness Month I'll be highlighting organisations and businesses that contribute to Cybersecurity, today it's OWASP.

The Challenge of Application Security

Developing software is easy to start: there are loads of great resources out there to learn from. Becoming proficient takes time and experience, but it's within the reach of most. Developing secure software, on the other hand, is difficult, and practically impossible on your own. But you don't need to do it on your own, and that's where the developer community comes in.

The need to develop secure software is an intractable problem. As new technologies arise and software is released, teams of malware developers and criminal enterprises are working hard to find flaws and exploits.

Thankfully, there are resources out there to help.

[Figure: SAMM, the OWASP Software Assurance Security Model]

The Open Web Application Security Project

OWASP was created as a community initiative to bring developers together to create content, documentation, advice, tools and technologies that help advance the state of application security. It's a non-profit organisation with local chapters all over the world that host face-to-face meetings, conferences, virtual events and Capture the Flag competitions, and these are a great way to meet developers in your area.

There's way too much great output from OWASP to do it justice in a short blog post but I'll highlight three great resources that will demonstrate the value of OWASP:

  1. OWASP Top Ten - a list of the most prevalent software security issues, updated every few years to reflect the changing state of the industry. If you address all of the Top 10 in your application it doesn't mean you're bullet-proof but it does mean you've gone a long way to securing your end users.
  2. Juice Shop - an intentionally vulnerable e-commerce website used for security training, CTF events, security awareness demos and contains all of the vulnerabilities in the OWASP Top Ten and more.
  3. Software Assurance Security Model (SAMM) - a framework to help organisations to assess, measure and track their security posture as the basis for a continuous improvement programme. The SAMM provides a set of tools and processes to help guide you through what could otherwise be a complex initiative - OWASP's members have already done much of the thinking on your behalf.

That's great, how do I take part?

First and foremost, the vast majority of OWASP's resources are free to all, visit OWASP.org and take a look through what they've got to offer.

That said, OWASP runs on the strength of its members, so if you find value in their content you could provide a bit of value back, either by donating or by joining OWASP as a member. Membership costs only $50 per year, and for that you get access to discounts on training and conferences, free training materials, early access to OWASP content and that warm fuzzy feeling of contributing to the community.

I'll leave you with a fascinating presentation from an OWASP London Chapter talk about Open Source Intelligence...