OWASP – Inspectiv Blog

Dec 15 / Gwen Bettwy
By Team, Inspectiv

The Open Web Application Security Project (OWASP) was founded to ‘improve the security of software.’ It has existed for nearly 20 years and now has ‘hundreds of chapters and tens of thousands of members worldwide.’ The resource library they have created to assist developers, technologists, and their companies is incredible. The knowledge there should be gobbled up by any developer looking to improve the quality of their code and projects. After the Colonial Pipeline attack, more people need to turn to the OWASP Cheat Sheets and the other tools found on their site.

Cheat Sheets Project

OWASP created their cheat sheet series to be of particular use to application developers and defenders. Their goal is to provide specific, actionable information, not just general best practices like ‘validate all input’. For example, their Injection Prevention Cheat Sheet in Java is one of the cheat sheets you can download. It points out that you should do input validation, and then it goes into code-level detail on what to do about SQL injection and how to use query parameterization to prevent it.
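As an added illustration of that cheat sheet's point (this is not code from the original post or from OWASP), here is the vulnerable string-concatenation pattern beside the parameterized query, written in Python with the standard sqlite3 module as a stand-in for the cheat sheet's Java PreparedStatement, plus the allowlist input check the sheet recommends as defense in depth. The table, sample rows and test input are constructed.

```python
import re
import sqlite3

# Constructed sample data for the demo; not from the original post.
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
]

# Allowlist for usernames: input validation is a second layer, not a
# replacement for parameterization.
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def make_db():
    """Create an in-memory database with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_concat(conn, name):
    """VULNERABLE: the query is assembled by string concatenation, so
    quote characters in `name` become part of the SQL grammar."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_param(conn, name):
    """SAFE: query parameterization. The driver binds `name` as a value,
    so its contents are never parsed as SQL (same idea as a Java
    PreparedStatement with setString)."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def valid_name(name):
    """Allowlist validation: reject anything outside [A-Za-z0-9_]{1,32}."""
    return NAME_RE.fullmatch(name) is not None


def demo(name="x' OR '1'='1"):
    """Run both lookups on one input and return the rows each produced."""
    conn = make_db()
    return {
        "concat": find_user_concat(conn, name),
        "param": find_user_param(conn, name),
        "valid": valid_name(name),
    }
```

The concatenated version returns every row for the constructed input because the quote closes the literal, while the parameterized version returns nothing since no user has that literal name.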

OWASP Top 10 Project

The project that everyone who knows of OWASP knows about is their Top 10 web application security risks. The latest version is dated 2017, although they have begun work on the next version, dated 2021. If you are interested in contributing (see https://github.com/OWASP/Top10/contributing) or following along, you can. One of the best things about OWASP is that it is open; this is the community working together. Did you know there is an OWASP Top 10 for mobile threats as well? The OWASP Mobile Security Project has many other projects aside from the Top 10. For example, there is a platform for people to practice their iOS penetration testing skills called ‘Damn Vulnerable iOS Application.’ It has 21 different exercises you can practice your skills on, covering everything in the Top 10 mobile risks list.

Critical Infrastructure

The recent attack on the Colonial Pipeline was not unexpected. The US Government knew that this was possible. It was indeed not a shock to most, if not all, information security professionals. OWASP has also committed to working with the community to secure, among other things, critical infrastructure ISVs (Independent Software Vendors). More attacks will occur; we must secure our voting systems, infrastructure, defense, and supply chain.

Projects


There are many more terrific projects to explore at OWASP! Look for our next posts on OWASP!