OWASP: The Best Web App Security Resource On The Internet
James Bond is known for having it all: fast cars, the latest spy gizmo, and the smug smirk which lets the audience know that he’ll always come out on top in the end. Web developers can, at times, be a lot like Bond: they can buy fast cars and, thanks to their respective industries, take a peek at technology before anyone else does.
But there’s one more thing that Bond and web application developers have in common, and that’s the backing of a reliable resource. Where Bond has MI6 watching his back, web developers have OWASP.
What Is OWASP?
OWASP stands for the Open Web Application Security Project—a not-for-profit cyber-security group which seeks to help both for-profit and non-profit organizations to develop, purchase and maintain web applications in a safe and secure manner. OWASP,which doesn’t affiliate itself with any company or organization,also educates those organizations, and individuals, on the many vulnerabilities which hackers can use to compromise the various websites and databases.
To do this, OWASP relies on the collective knowledge of IT professionals working on both open source (free and universally accessible) and corporate security projects to produce free articles, guides and tools to use to help other developers keep their websites secure. Those volunteers are divided up into teams, which work on various projects to make the Internet safer. Currently, there are over 140 ongoing projects.
Those projects, and the various elements constructing them, are divided into three categories: protect, detect, and life cycle. The protect category is a resource where developers can find tools and documents to identify and prevent any security flaws. The detect category contains tools and documents to find flaws in the design of a website. Finally, the life cycle category helps developers to add security features into an application’s software development life cycle.
How OWASP Helps Consumers
OWASP helps to both centralize the best security practices for web applications and to raise awareness over major security flaws in the development community.
For example, OWASP has recently updated its Top 10 web application security risks on the Internet today. The biggest risk: injection.
An injection attack is where an attacker seeks to gain access to a database connected to the Internet by exploiting vulnerabilities through code on the website. By gaining access to the database, an attacker can steal login information, possibly giving those attackers access to social security numbers and banking information elsewhere online. Fortunately, OWASP outlines how to identify an injection vulnerability and how to fix it.
There are a variety of risks out there, and developers usually don’t have the means of identifying and securing each vulnerability. But, like Bond, they have a terrific resource to turn to when they’re in a pickle. By using its collective, and impartial, knowledge, OWASP can better inform both web developers, and those seeking to build out their websites, of avoidable risks with little to no cost.
Digitally-minded consumers today regularly navigate a rough terrain of Trojans, viruses, and phishing attempts, so it’s good to know that a resource like OWASP is available to help make sense of web security.