(Open Web Application Security Project) An organization founded by Mark Curphey in 2001 to help make open source software secure. With member communities around the world, OWASP projects are involved with specific programming languages, functions and applications as well as general rules for developing protected applications. For more information, visit www.owasp.org.
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2008 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- 'Dumbing down' the security profession
- * Ryan Naraine is traveling. Guest editorial by Shyama Rose The market for the development and implementation of source code analysis static and dynamic tools is swelling. Companies are increasingly relying on source code analysis tools to identify security-related vulnerabilities. The demand and reliance...
- Blog posts 2008-12-01
- Clickjacking: Researchers raise alert for scary new cross-browser exploit
- [ UPDATE: See e-mail from NoScript creator Giorgio Maone on a possible mitigation ] Researchers are beginning to raise an alarm for what looks like a scary new browser exploit/threat affecting all the major desktop platforms -- Microsoft Internet Explorer, Mozilla Firefox, Apple...
- Blog posts 2008-09-25
- The empty debate over open source security
- The empty debate over open source securityAll Code InsecureGo browse OWASP. This article really doesnt say much of anything.Inherently Insecure Open Source! - COXMy rep almost lost his appetite as he told me about all of the years old Open source viriuses! He described it as a boiling over sewer...
- Discussion threads 2008-08-01
- 2008 Pwnie Award nominees announced
- Well, after getting 134 nominations, and spending countless hours pulling out nominees, the judges for the 2008 Pwnie Awards have announced the final nominees to be voted on. From the site: The final list of nominees for the nine Pwnie Award categories is ...
- Blog posts 2008-07-21
- Security is hard, accept it
- * Ryan Naraine is on vacation. Guest editorial by Dr Jose Nazario The past 10 or 15 years have been about the same things, largely, over and over again: input problems into single system applications or kernels. Buffer overflows (splitvt! NCSA...
- Blog posts 2008-07-10
- Kaminsky and Ptacek comment on DNS flaw
- Well, well, well, what a day for security news! I got a chance to get the scoop word of mouth from Dan Kaminsky of IOActive (pictured above [image courtesy of quinnums]) and Thomas Ptacek of Matasano pictured below on the DNS flaw that's been all over the...
- Blog posts 2008-07-08
- News to know: Searching Silverlight; IE 8; Dell; Google vs. YouTube
- Notable headlines: Mary Jo Foley: Microsoft: Silverlight content searchable, too Ryan Stewart: Brian Goldfarb talks about Silverlight 2 and Deep Zoom with Michael Cot LineRider releases a Silverlight 2 version Microsoft steps up self-policing of its OSI-approved source licenses ...
- Blog posts 2008-07-03
- PCI-DSS 1.1 points to outdated OWASP Top 10
- OK, I'm not going to freak out about this too bad... I've already pointed out enough problems with PCI, but I did find it morbidly entertaining. My good friend Jeremiah Grossman pictured at right blogged today about the PCI-DSS 1.1 section 6.5, which covers "prevention of common coding vulnerabilities in...
- Blog posts 2008-07-02
- 90ò0of all statistics can be made to say anything... 50ò0of the time, aka my thoughts on the Verizon report
- 90ò0of all statistics can be made to say anything... 50ò0of the time, aka my thoughts on the Verizon reportHow many breaches from External...sources were facilitated by poor practices of inside sources? Weak passwords, poor surfing habits, poor security implementations, etc. External breaches only occur when an insider allows it to...
- Discussion threads 2008-06-23
- Morse Code Rickroll 0-day... no, seriously, I mean it
- In the security research world, getting Rickrolled has become a global epidemic. If you've been to any of the recent conferences, you're sure to have been Rickrolled at least once... if you were fortunate enough to be at ToorCon Seattle, then you got Rickrolled about 300 times by Dan Kaminsky....
- Blog posts 2008-05-04
- Best Practices: Use of Web Application Firewalls
- Web applications of all kinds, whether online shops or partner portals, have in recent years increasingly become the target of hacker attacks. The attackers are using methods which are specifically aimed at exploiting potential weak spots in the web application software itself - and this is why they are not...
- White papers 2008-05-01
- Security expert discusses a possible future for PCI-DSS... it's grim
- Jeremiah Grossman discussed some recent comments about section 6.6 of the PCI standard made by Standards Council General Manager Bob Russo in a recent Information Security magazine article. I found a lot of thoughts I share with Grossman. Grossman says: I have a love-hate relationship with PCI-DSS. Love it...
- Blog posts 2008-04-14
- Microsoft 'Oxygen' security-management platform in the works
- Microsoft has hired security expert Mark Curphey, the former Chief Technology Officer of SourceClear, who is bringing with him to Microsoft the "Oxygen" security platform and security-lifecycle applications he had been developing. Curphey is joining the company as a member of the Application, Consulting and Engineering ACE...
- Blog posts 2007-10-09
- Use the revised OWASP Top Ten to secure your Web applications -- Part 8
- In this final installment in the revised Open Web Application Security Project OWASP Top 10 series, the final three vulnerabilities are explored -- insecure cryptographic storage, insecure communications, and failure to restrict URL access. Tom Olzak explains the nature of these weaknesses followed by recommendations for protecting Web applications from...
- Download resources 2007-06-13
- Use the revised OWASP Top Ten to secure your Web applications - Part 7
- The seventh installment in the 2007 OWASP Top 10 series takes a look at broken authentication and session management vulnerabilities. Tom Olzak explains the nature of this weakness followed by recommendations for protecting Web applications from attacks related to this security problem. This download is also available...
- Download resources 2007-06-06
- Use the revised OWASP Top Ten to secure your Web applications -- Part 6
- Vulnerability six in the 2007 OWASP Top Ten is Information Leaking and Improper Error Handling. Typically caused by verbose errors, attackers exploit this weakness to obtain information about the target system's software and hardware architecture. In this, the sixth in a series on the revised OWASP Top Ten Web Application...
- Download resources 2007-05-10
- Use the revised OWASP Top Ten to secure your Web applications -- Part 5
- Insecure direct object access and cross site request forgery CSRF are serious flaws found in many Web applications. In fact, some hackers say that there isn't a Web site on the Internet that isn't vulnerable in some way to CSRF. In this, the fifth in a series on the revised...
- Download resources 2007-04-18
- Use the revised OWASP Top Ten to secure your Web applications -- Part 4
- Malicious file execution is one more weakness caused by failing to control application input. In this, the fourth in a series on the revised OWASP Top Ten Web Application Vulnerabilities, Tom Olzak explains the nature of malicious code execution followed by recommendations for protecting Web applications from related attacks. Coding...
- Download resources 2007-04-02
- Use the revised OWASP Top Ten to secure your Web applications -- Part 3
- Injection flaws, specifically SQL injection vulnerabilities, can present the greatest business risk in a Web application environment. In this, the third in a series on the revised OWAP Top Ten Web Application Vulnerabilities, Tom Olzak explains the nature of injection flaws and SQL injection attacks and then makes recommendations for...
- Download resources 2007-03-23
- Use the revised OWASP Top Ten to secure your Web applications -- Part 2
- Cross site scripting XSS vulnerabilities are normally found in Web applications in which code injection is allowed. It is the most common Web application vulnerability. Scripts exploiting this weakness can cause serious problems for home and business users. In this download, Tom Olzak explores the types of cross site scripting...
- Download resources 2007-03-05
Neighboring Terms
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
Managed Hosting<
- If the cost of building and managing a robust technology infrastructure is prohibitive for your small or mid-sized business (SMB), managed hosting may be worth another look. For help determining whether a managed or dedicated hosting solution makes sense for your business, read this informative blog post by Josh Hoskins.
- Fully-managed hosted IT solutions Complete hosted solutions tailored to your needs with no capital expenditures — the smart approach to IT investment Discover no-capex IT
- From our sponsors
Smart IT Investment
