OWASP

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 156.80.132.174 (talk) at 18:30, 27 October 2005 (History). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The Open Web Application Security Project is an open-standards community which creates free (as in freedom and beer) standards for web application security. The Project's most successful outputs include the OWASP Guide and the OWASP Top 10. However, there is debate about the maturity and usefulness of the Top Ten document, as it is often misused as a security standard.

The project has participation from a wide range of web application consultants and like-minded companies, which is reflected in its output. Physical devices and commercial products are rarely featured in OWASP materials.

History

The OWASP Project was started in 2001 by Mark Curphey, who wrote the original OWASP Guide in a few months. His original Guide influenced the creation of another web application security book by Howard and LeBlanc at Microsoft, and he later participated in the creation of Microsoft's Threats and Countermeasures web application security book. Mark Curphey left OWASP in 2004 and has since started another site, Threats and Countermeasures.

OWASP was sold by Mark Curphey to Aspect Security, Inc. Aspect's CEO and President are OWASP's chair and conference chair, respectively. Aspect has substantially benefited through consulting work because of its affiliation with OWASP.

The primary users of the OWASP output are financial institutions and government bodies, although they rarely contribute to the project through volunteer time.

Principles

The principles within OWASP's projects are directly related to existing security principles, such as:

  • risk - a risk is a possible event which could cause a loss
  • threat - a threat is a method of triggering a risk event
  • countermeasure - a countermeasure is a way to stop a threat from triggering a risk event
  • defense in depth - never rely on a single security measure
  • assurance - assurance is the level of guarantee that a security system will behave as expected
