OWASP Testability Patterns for Web Applications

More secure web applications with privacy incorporated

The application of standard business practices to building software applications is advancing rapidly to meet the evolving needs of web-based application software powered by artificial intelligence (AI). The EU-funded TESTABLE project proposes a software development lifecycle (SDLC) that combines two metrics to quantify the security and privacy risks of a program: the code testability and vulnerable behaviour indicators. TESTABLE will empower software/AI developers, managers, testers, and auditors to reduce the risk by building better security and privacy testing techniques for web applications and removing or mitigating the impact of the patterns causing the high-risk levels. It will develop algorithms, techniques, and tools to analyse, test, and study web applications.


OWASP TESTABLE redefines the classical secure development life-cycle around the concept of testability, providing new tools for:

  • Web and AI/ML Developers
  • Managers
  • Security Teams

Objective

The OWASP project aims to deliver tools and methodologies for:

  • Managers: New metric quantifying the security and privacy risks of a program.
  • Developers: Better and more flexible tools to improve testability, reducing security and privacy risk exposure.
  • Security teams: Better and more flexible security, privacy testing, and AI/ML tools.

Next Talk: OWASP AppSec Dublin 16th February

Luca Compagna will talk about the project at the next OWASP AppSec Dublin.
When: Thursday February 16, 2023 10:30am - 11:30am GMT
Where: Liffey Meeting Room 2




Team involved

  • CISPA - HELMHOLTZ-ZENTRUM FUR INFORMATIONSSICHERHEIT GGMBH

  • EURECOM, France

  • TECHNISCHE UNIVERSITAET BRAUNSCHWEIG, Germany

  • UNIVERSIDAD CARLOS III DE MADRID, Spain

  • SAP SE, Germany

  • SHIFTLEFT GMBH, Germany

  • IMQ MINDED SECURITY SRL, Italy

  • NORTONLIFELOCK FRANCE, France

  • NORTONLIFELOCK IRELAND LIMITED, Ireland

  • PLURIBUS ONE SRL, Italy