Five OWASP Projects You Should Know About

Credit to Author: stephenlawton | Date: Mon, 21 Mar 2022 10:00:03 +0000

The Open Web Application Security Project (OWASP) is best known for its Top 10 project; however, it supports and promotes many other great projects that could help your organization's cybersecurity posture.

There are dozens of open projects that OWASP supports or sponsors in some capacity, and not all of them are strictly web-application specific. I've compiled this list of five (non-Top 10) projects that you should know about.

Application Security Verification Standard (ASVS)

The Application Security Verification Standard (ASVS) is an open standard for ensuring your applications are built securely, from a best-practices perspective. Although it contains hundreds of controls, ASVS is broken down into three tiers depending on the type of data the application processes.

What I love most about ASVS is that it’s as prescriptive as it can get, unlike other guidance that can sometimes feel too vague. 

Security Knowledge Framework (SKF)

Providing secure-coding training to developers can be costly in both time and licensing fees. OWASP maintains the Security Knowledge Framework, which provides a platform for integrating ASVS and MASVS requirements into your sprint planning, while also providing plenty of labs where developers can practice secure-coding principles.

Cheat Sheet Series

The OWASP Cheat Sheet Series is a goldmine of information if you want sound tactical guidance on application security. It covers everything from Security Assertion Markup Language (SAML) and threat modeling to cryptography and containers.

Nightingale

Do you dabble or work in penetration testing? Think it would be nifty to have a container image prebaked with everything you need, including Metasploit? Then check out Nightingale, which does exactly that.

CycloneDX

Software Bills of Materials (SBOMs) are all the rage these days. CycloneDX is the leading SBOM standard designed primarily for security needs. I predict most Software Composition Analysis-type tools will standardize on it for their SBOM export features.
