
OWASP: Difference between revisions

From Wikipedia, the free encyclopedia
Edit summary of the earlier revision: Initial check-in. I'm going to be creating a bunch of webappsec pages over the next few days
Edit summary of the later revision: No edit summary

Line 27 in both revisions, section ==External links==:

Content deleted (earlier revision):
==External links==
* [http://www.owasp.org/ OWASP Project]
* [http://www.threatsandcountermeasures.com/ Threats and Countermeasures]
* [http://www.microsoft.com/mspress/books/5957.asp Writing Secure Code (MS Press)]

Content added (later revision):
==External links==
* [http://www.owasp.org/ OWASP Project]
* [http://www.webappsec.org/ The Web Application Security Consortium (WASC)]
* [http://www.threatsandcountermeasures.com/ Threats and Countermeasures]
* [http://www.microsoft.com/mspress/books/5957.asp Writing Secure Code (MS Press)]

Revision as of 00:54, 22 August 2005

The Open Web Application Security Project is an open-standards community which creates free (as in freedom and beer) standards for web application security. The Project's most successful outputs include the OWASP Guide and the OWASP Top 10.

The project has participation from a wide range of web application consultants and like-minded companies, which is reflected in its output. Rarely do physical widgets or products feature in OWASP materials.

History

The OWASP Project was started in 2001 by Mark Curphey, who wrote the original OWASP Guide in a few months. His original Guide influenced the creation of another web application security book by Howard and LeBlanc at Microsoft, and he later participated in the creation of Microsoft's Threats and Countermeasures web application security book. Mark Curphey left OWASP in 2004 and has since started another site, Threats and Countermeasures.

The primary users of the OWASP output are financial institutions and government bodies, although they rarely contribute to the project through volunteer time.

Principles

The principles within OWASP's projects are directly related to existing security principles, such as:

  • risk - a risk is a possible event which could cause a loss
  • threat - a threat is a method of triggering a risk event
  • countermeasure - a countermeasure is a way to stop a threat from triggering a risk event
  • defense in depth - never rely on one single security measure alone
  • assurance - assurance is the level of guarantee that a security system will behave as expected
