I’m pleased to announce that Fortify is a proud sponsor of the Open Web Application Security Project (OWASP), a non-profit foundation that works to improve the security of software. OWASP’s programming includes:
- Community-led open source software projects
- Over 200 local chapters worldwide
- Tens of thousands of members
- Industry-leading educational and training conferences
What does OWASP do?
OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of their projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security. For nearly two decades corporations have supported the OWASP Foundation and its work, and the Fortify team is thrilled to be listed among these corporate supporters.
What are some of OWASP’s biggest projects?
The OWASP Top 10
The OWASP Top 10 is a standard awareness document for developers and application security professionals. It represents a broad consensus about the most critical security risks to web applications. Using the OWASP Top 10 as a reference is one of the most effective ways to maintain a secure development culture within an organization. You can view the most recent OWASP Top Ten here.
Dependency-Track
Dependency-Track is an intelligent Composition Analysis platform that helps organizations identify and reduce risk in the software supply chain. Dependency-Track monitors component usage across all versions of every application in its portfolio in order to proactively identify risk across an organization. The platform has an API-first design and is ideal for use in CI/CD environments.
Software Assurance Maturity Model (SAMM)
The mission of SAMM is to provide an effective and measurable way for organizations to analyze and improve their secure development life cycle. SAMM was built to be risk-driven in nature; it supports the complete software life cycle and is technology and process agnostic. You can check out the OWASP SAMM v2 model here.
What does it mean for Fortify to be a corporate sponsor of OWASP?
We love OWASP here at Fortify. By choosing to be a corporate sponsor of OWASP, we’re demonstrating our commitment to bettering the application security industry by supporting everything OWASP is doing. Fortify is excited to be a member of the OWASP Foundation and support the good work they do. Let’s hear it for OWASP!
Watch the related “What is the OWASP Top 10?” video on our Fortify Unplugged YouTube channel.
About Micro Focus Fortify
Fortify has been named a leader in the Gartner Magic Quadrant for Application Security Testing for the 8th time.
Fortify offers an end-to-end application security solution that secures and protects code throughout the entire development lifecycle of any type of software—from development to testing, release to production and every iteration in between. Fortify static, dynamic, interactive, and runtime security testing technologies are available on premise or on demand, offering organizations the flexibility needed to build an end-to-end software security assurance program.