LOGBOOK

HELP

1 / 24
Other keys: showSpace: good1-4: rate0: skip5: flag6: invert

Question

What is OWASP and what are some of its key projects?

Answer

OWASP (Open Worldwide Application Security Project) is a non-profit that publishes free, vendor-neutral tools, standards, and guidance for building secure software — its best-known output is the Top 10 list of web app risks.

Why it matters: web security advice is otherwise scattered and often tied to a vendor selling a product. OWASP fills that gap with community-driven, openly licensed resources that developers and auditors worldwide treat as a common baseline. Concretely, if you need to know how to do something securely, there's usually an OWASP Cheat Sheet for it; if you need to test an app, there's ZAP.

Key projects:

  • Cheat Sheet Series - Security best practices
  • Dependency Track - Component vulnerability monitoring
  • OWASP SAMM - Software Assurance Maturity Model
  • SecurityShepherd - Security training platform
  • Security Knowledge Framework (SKF) - Security requirements
  • ZAP - Web application security scanner
  • ModSecurity Core Rule Set - WAF rules
  • Top10 - Most critical security risks

Go deeper:

  • doc OWASP (Wikipedia) — encyclopedic overview of the foundation, its history, and its flagship projects.
Illustration
OWASP · CC BY-SA 4.0 · Wikimedia Commons
or press any other key