1 / 24
Other keys: show •
Space: good •
1-4: rate •
0: skip •
5: flag •
6: invert
Question
What is OWASP and what are some of its key projects?
Answer
OWASP (Open Worldwide Application Security Project) is a non-profit that publishes free, vendor-neutral tools, standards, and guidance for building secure software — its best-known output is the Top 10 list of web app risks.
Why it matters: web security advice is otherwise scattered and often tied to a vendor selling a product. OWASP fills that gap with community-driven, openly licensed resources that developers and auditors worldwide treat as a common baseline. Concretely, if you need to know how to do something securely, there's usually an OWASP Cheat Sheet for it; if you need to test an app, there's ZAP.
Key projects:
- Cheat Sheet Series - Security best practices
- Dependency Track - Component vulnerability monitoring
- OWASP SAMM - Software Assurance Maturity Model
- SecurityShepherd - Security training platform
- Security Knowledge Framework (SKF) - Security requirements
- ZAP - Web application security scanner
- ModSecurity Core Rule Set - WAF rules
- Top10 - Most critical security risks
Go deeper:
OWASP (Wikipedia) — encyclopedic overview of the foundation, its history, and its flagship projects.
or press any other key
Note saved — thanks!