(Open Web Application Security Project) An organization founded by Mark Curphey in 2001 to help make open source software secure. With member communities around the world, OWASP projects are involved with specific programming languages, functions and applications as well as general rules for developing protected applications. For more information, visit www.owasp.org.
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2009 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure Cloud Computing
- Cloud computing was not designed for security, although organizations such as Cloud Security Alliance CSA and Open Web Application Security Project OWASP are making great strides in helping the industry solve the myriad security problems confronting cloud computing. The benchmark guidelines established by the CSA in the document, Guidance for...
- White papers 2009-07-22
- Security Pitfalls in Stripes Web Applications
- The Stripes framework (www.stripesframework.org) is a Java web presentation framework that aims to ease the process of creating Java based web applications, by favouring defaults over verbose configuration and by providing a single backing bean for both properties and methods. This paper covers Stripes version 1.5.1 from www.stripesframework.org. It exposes...
- White papers 2009-05-11
- URL rewriting can help thwart Web app attacks
- A Microsoft Web application security specialist is suggesting an offbeat defense-in-depth strategy to protect Web sites and applications from cross-site scripting XSS and cross-site request forgery XSRF attacks. According to Bryan Sullivan, security program manager for Redmond's Security Development Lifecycle team, Web developers should consider URL Rewriting...
- Blog posts 2009-02-27
- Honeywell Protects Against Web Threats, Achieves Significant Cost Savings Using Breach Security WebDefend
- Global companies like Honeywell are often targeted at the web application layer. As new online threats emerged, Honeywell sought solutions to protect its extensive web layer. Specifically, Honeywell wanted protection against threats listed on the Open Web Application Security Project's OWASP Top Ten list, which includes cross-site scripting and SQL...
- Case studies 2009-01-13
- WebDefend and the OWASP Top Ten
- With all the web application attacks and vulnerabilities surfacing - it is hard to know where to focus the security efforts. Luckily, OWASP produces the OWASP Top Ten list to raise awareness of web application security. This list is an outstanding starting point for prioritizing web application security attacks and...
- Webcasts 2009-01-01
- Outsmarting Tomorrow's Hackers Today
- Network IDS/IPS and first-generation Web Application Firewalls WAFs don't protect against today's sophisticated web application threats, such as cross-site scripting, injection flaws and other vulnerabilities listed on the OWASP Top 10. IT professionals need the necessary visibility into their web application security to understand how applications are being used, when...
- Webcasts 2009-01-01
- 'Dumbing down' the security profession
- * Ryan Naraine is traveling. Guest editorial by Shyama Rose The market for the development and implementation of source code analysis static and dynamic tools is swelling. Companies are increasingly relying on source code analysis tools to identify security-related vulnerabilities. The demand and reliance...
- Blog posts 2008-12-01
- Clickjacking: Researchers raise alert for scary new cross-browser exploit
- [ UPDATE: See e-mail from NoScript creator Giorgio Maone on a possible mitigation ] Researchers are beginning to raise an alarm for what looks like a scary new browser exploit/threat affecting all the major desktop platforms -- Microsoft Internet Explorer, Mozilla Firefox, Apple...
- Blog posts 2008-09-25
- The empty debate over open source security
- The empty debate over open source securityAll Code InsecureGo browse OWASP. This article really doesnt say much of anything.Inherently Insecure Open Source! - COXMy rep almost lost his appetite as he told me about all of the years old Open source viriuses! He described it as a boiling over sewer...
- Discussion threads 2008-08-01
- 2008 Pwnie Award nominees announced
- Well, after getting 134 nominations, and spending countless hours pulling out nominees, the judges for the 2008 Pwnie Awards have announced the final nominees to be voted on. From the site: The final list of nominees for the nine Pwnie Award categories is ...
- Blog posts 2008-07-21
- Security is hard, accept it
- * Ryan Naraine is on vacation. Guest editorial by Dr Jose Nazario The past 10 or 15 years have been about the same things, largely, over and over again: input problems into single system applications or kernels. Buffer overflows (splitvt! NCSA...
- Blog posts 2008-07-10
- Kaminsky and Ptacek comment on DNS flaw
- Well, well, well, what a day for security news! I got a chance to get the scoop word of mouth from Dan Kaminsky of IOActive (pictured above [image courtesy of quinnums]) and Thomas Ptacek of Matasano pictured below on the DNS flaw that's been all over the...
- Blog posts 2008-07-08
- News to know: Searching Silverlight; IE 8; Dell; Google vs. YouTube
- Notable headlines: Mary Jo Foley: Microsoft: Silverlight content searchable, too Ryan Stewart: Brian Goldfarb talks about Silverlight 2 and Deep Zoom with Michael Cot LineRider releases a Silverlight 2 version Microsoft steps up self-policing of its OSI-approved source licenses ...
- Blog posts 2008-07-03
- PCI-DSS 1.1 points to outdated OWASP Top 10
- OK, I'm not going to freak out about this too bad... I've already pointed out enough problems with PCI, but I did find it morbidly entertaining. My good friend Jeremiah Grossman pictured at right blogged today about the PCI-DSS 1.1 section 6.5, which covers "prevention of common coding vulnerabilities in...
- Blog posts 2008-07-02
- 90ò0of all statistics can be made to say anything... 50ò0of the time, aka my thoughts on the Verizon report
- 90ò0of all statistics can be made to say anything... 50ò0of the time, aka my thoughts on the Verizon reportHow many breaches from External...sources were facilitated by poor practices of inside sources? Weak passwords, poor surfing habits, poor security implementations, etc. External breaches only occur when an insider allows it to...
- Discussion threads 2008-06-23
- Morse Code Rickroll 0-day... no, seriously, I mean it
- In the security research world, getting Rickrolled has become a global epidemic. If you've been to any of the recent conferences, you're sure to have been Rickrolled at least once... if you were fortunate enough to be at ToorCon Seattle, then you got Rickrolled about 300 times by Dan Kaminsky....
- Blog posts 2008-05-04
- Best Practices: Use of Web Application Firewalls
- Web applications of all kinds, whether online shops or partner portals, have in recent years increasingly become the target of hacker attacks. The attackers are using methods which are specifically aimed at exploiting potential weak spots in the web application software itself - and this is why they are not...
- White papers 2008-05-01
- Security expert discusses a possible future for PCI-DSS... it's grim
- Jeremiah Grossman discussed some recent comments about section 6.6 of the PCI standard made by Standards Council General Manager Bob Russo in a recent Information Security magazine article. I found a lot of thoughts I share with Grossman. Grossman says: I have a love-hate relationship with PCI-DSS. Love it...
- Blog posts 2008-04-14
- Microsoft 'Oxygen' security-management platform in the works
- Microsoft has hired security expert Mark Curphey, the former Chief Technology Officer of SourceClear, who is bringing with him to Microsoft the "Oxygen" security platform and security-lifecycle applications he had been developing. Curphey is joining the company as a member of the Application, Consulting and Engineering ACE...
- Blog posts 2007-10-09
- Use the revised OWASP Top Ten to secure your Web applications -- Part 8
- In this final installment in the revised Open Web Application Security Project OWASP Top 10 series, the final three vulnerabilities are explored -- insecure cryptographic storage, insecure communications, and failure to restrict URL access. Tom Olzak explains the nature of these weaknesses followed by recommendations for protecting Web applications from...
- Download resources 2007-06-13
Neighboring Terms
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
- Save time with automated shipping solutions
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Visit the UPS Business Essentials Guide
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer>>
Enterprise Applications
- Check out some of the easiest and most powerful ways to boost productivity while saving money on your application infrastructure. See ZDNet's comprehensive Enterprise Application resource center, now!
- New Online Dashboard
-
- Read about top issues IT decision-makers face every day, plus get cost effective solutions to real life IT problems. Oracle Topline
-
