Open Web Application Security Project (OWASP)

What is the Open Web Application Security Project?

Cybersecurity is a major topic to tackle, and many organizations have been established over the years to ensure the security of various digital operations and assets. The Open Web Application Security Project (OWASP) is a nonprofit foundation that has been working for over 20 years to secure software around the world. Various resources and methods are used to work toward the foundation’s goals, including educational and training conferences and open-source projects such as code, documentation, and standards.

The OWASP mission statement is “to be the global open community that powers secure software through education, tools, and collaboration.” The core values of the foundation are cited as:

  • Open: All aspects of the nonprofit are radically transparent, reinforcing trust and ensuring visibility for all members into everything that goes into the foundation and its operations.
  • Innovative: The foundation encourages experimentation and creativity in developing potential solutions for software security issues.
  • Global: The community and all that it produces are available to anyone worldwide who wishes to contribute to or benefit from the foundation’s work.
  • Integrity: OWASP maintains a community that is “respectful, supportive, truthful, and vendor-neutral.”

An OWASP project can be started by anyone who thinks community support could help them develop or test their idea. The nonprofit aims to use the combined skills, expertise, resources, and ideas of experts and members across the globe to take tangible action to protect and secure all software. It sponsors, facilitates, and supports visibility, credibility, and community among those sharing resources and developing projects for application security.

Key OWASP Projects

Due to the collaborative and open nature of OWASP projects, many are still in fledgling stages, known as Lab and Incubator projects. The more mature and well-known projects are in the categories of Production and Flagship. Flagship projects have “demonstrated strategic value to OWASP and application security as a whole” and may be familiar to cybersecurity experts.

  • The OWASP Cheat Sheet Series aims to provide concise guides to best practices for developers and security professionals to follow.
  • The OWASP Top Ten keeps track of the most pressing issues and risks as technology and threat trends develop over time.
  • OWASP Amass enables security professionals to leverage open-source techniques for attack surface mapping and external asset discovery.

The Future of OWASP

As OWASP’s efforts are all in service of protecting software globally, the vision for the future of the foundation is rooted in actionable decisions designed to ensure continuing and improved operations to that end. A recent OWASP board meeting laid out numerous plans for changes to the organization to keep it on track and secure its future.

The decisions that came about during this meeting covered a lot of ground, from the adoption of new by-laws to discussions of funding, projects, and committees. The bottom line is invariably that OWASP leaders intend to continue dedicating time and effort to ensure the security of applications as much as possible.

To explore the definitions of more fundamental cybersecurity terms, read up on 21 Essential Cybersecurity Terms You Should Know or 50+ Cybersecurity Acronyms & Definitions.
