Who is the OWASP® Foundation?
The Open Web Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.
- Tools and Resources
- Community and Networking
- Education & Training
The OWASP Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering on the iOS and Android platforms. It describes the technical processes for verifying the controls listed in its co-project, the Mobile Application Security Verification Standard (MASVS). The MASVS defines a mobile app security model and lists generic security requirements for mobile apps, while the MSTG serves as a baseline for manual security testing and as a template for automated security tests during or after development. Included with the MSTG, the Mobile Security Hacking Playground is a collection of intentionally insecure iOS and Android apps, used as examples to demonstrate the vulnerabilities explained in the MSTG. Learn more about the MSTG and the MASVS.
Hosted at some of the most iconic technology companies in the world, the Bay Area chapter is one of the Foundation's largest and most active. This month it is hosting a Hacker Day and monthly meetups in San Francisco at Insight Engines and in the South Bay at eBay. The agenda usually includes three interesting talks, plenty of people to meet, and great food. The Bay Area chapter also participates in planning AppSec California.
Over the last few years, the OWASP Dependency-Track project has led an industry shift towards framing open source risk as a subset of software supply chain risk. Dependency-Track was one of the first platforms to fully embrace the Software Bill of Materials (SBOM) as a core tenet and design principle. The project led to the creation of CycloneDX, an open source SBOM standard used by thousands of organizations and referenced by multiple RFCs and related supply chain initiatives.
Dependency-Track v3 has proven that SBOMs can be created, consumed, and analyzed at high velocity in modern build pipelines, and it has proven the value of full-stack transparency for IoT and embedded devices. Based on feedback from the community, from industry, and from government-led software transparency efforts, the project has made strategic enhancements to the software that set the stage for future capabilities that are only achievable through the use of SBOMs.
Recent OWASP News & Opinions
- OWASP SecureFlag Open Platform Member Benefit, December 24, 2020
- Happy Holidays, and let's hope for a better 2021, December 23, 2020
- 2021 Call for Trainings Is Now Open!, December 22, 2020
- OWASP, our community, and vendors: a healthy and vendor neutral approach, December 17, 2020