In 2001, Mark Curphey started the Open Web Application Security Project (OWASP). OWASP is an open source application security community with the goal to improve the security of software. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.
Throughout the last 18 years, OWASP has been responsible for creating and maintaining numerous publications and resources such as:
- OWASP Software Assurance Maturity Model
- The Software Assurance Maturity Model (SAMM) project is committed to building a usable framework to help organizations formulate and implement a strategy for application security that is tailored to the specific business risks facing the organization.
- OWASP Development Guide
- The Development Guide provides practical guidance that covers an extensive array of application-level security issues, from SQL injection through modern concerns such as phishing, credit card handling, session fixation, cross-site request forgeries, compliance, and privacy issues.
- OWASP Testing Guide
- The OWASP Testing Guide includes a "best practice" penetration testing framework that users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues.
- OWASP Code Review Guide
- The code review guide is currently at release version 2.0, released in July 2017
Of all the resources created, their most popular and referenced publication is the OWASP Top 10. First created in 2003, the Top 10 aims to raise awareness about application security by identifying some of the most critical risks facing organizations.
Since security risks are constantly evolving, the OWASP Top 10 list is revised periodically to reflect these changes. In the latest version of OWASP Top 10 released in 2017, some types of vulnerabilities which no longer represent a serious threat were replaced with ones most likely to pose a significant risk. The following table provides a summary of what has changed since the last version of the Top 10 in 2013.
In Micro Focus Fortify’s most recent whitepaper, A Developers Guide to the OWASP Top 10, we provide an overview of each 2017 OWASP Top 10 application security risk and practical tips for writing secure code. The whitepaper also provides sample code snippets and easy-to-follow remediation guidance to help you improve the security of your applications.
Great coding is not just about speed and functionality, it’s about minimizing security risk. See how the Developers Guide to the OWASP Top 10 can help you do just that!