What is OWASP?
The Open Web Application Security Project or OWASP is a nonprofit foundation that works to improve the security of software.
The OWASP Foundation is the source for developers and technologists to secure the web through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences.
For nearly two decades corporations, foundations, developers, and volunteers have supported the OWASP Foundation and its work. One of the most important resources that OWASP produces is the OWASP Top 10. This is a regularly updated report outlining security concerns for web application security, focusing on the 10 most critical risks. The report is put together by a team of security experts from all over the world.
Why it is important for GitGuardian to join as a Gold Corporate sponsor
GitGuardian is a company of the generation that benefited deeply from the resources that OWASP provided. This benefit is both direct, through the resources which enabled GitGuardian to build a secure and robust application, and indirect, through the developers who have built GitGuardian and who are all intimately familiar with OWASP and its resources.
GitGuardian is now in the privileged position to begin giving back to the OWASP community. Along with many other companies that have also benefited from the OWASP community, we see it as not just a responsibility but an honor to sponsor this organization and community.
What projects are we actively supporting
Thanks to this sponsorship we can support up to 5 different OWASP projects or chapters. Here are our choices for this year, 2022:
Managing secrets can be difficult, especially at scale. WrongSecrets is a pwnable application that teaches developers how NOT to store secrets through a series of challenges. The goal is to find all the different secrets by means of various tools and techniques.
As the project founder Jeroen Willemsen said in an interview with GitGuardian, "Secrets management reflects in a very nice way how mature the security of your organization is", and WrongSecrets is a great tool to be able to build maturity in your organization.
Working in cyber security means that we are evolving in a complex and fast-paced world! At GitGuardian, we share the same passion for Cheat Sheets. They are the smartest way to ramp up on basically anything and are so useful for remembering the essentials!
Here is a short selection of essential OWASP cheat sheets for 2022:
- Threat Modeling Cheat Sheet
- Attack Surface Analysis Cheat Sheet
- Password Storage Cheat Sheet
- REST Security Cheat Sheet
- NPM Security Cheat Sheet
- Web Service Security Cheat Sheet
- Microservices security
- Multifactor Authentication Cheat Sheet
- Securing Cascading Style Sheets Cheat Sheet
- HTML5 Security Cheat Sheet
- Nodejs Security Cheat Sheet
- Ruby on Rails Cheat Sheet
The OWASP Security Knowledge Framework is a free and open source web application that explains secure programming principles in a variety of programming languages.
The goal of OWASP-SKF is to help you learn and integrate security by design into your software development and build secure by design applications.
OWASP-SKF accomplishes this through manageable software development projects that include checklists for security verification (using SKF-Labs, OWASP Juice-shop, and best practice code examples from SKF and the OWASP-Cheatsheets).
The level of security that web applications currently provide is insufficient. This is primarily due to web developers' lack of awareness of the risks and dangers that lurk, waiting to be exploited by hackers.
The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the 10 most critical security concerns for web application security. The report is put together by a team of security experts from all over the world, using data that comes from a number of organizations and is then analyzed.
You can read a more in-depth article where we discuss "What’s new in the 2021 OWASP Top10?"
5. OWASP Austin
You may be familiar with GitGuardian as a French company based in Paris. What you may not know is that GitGuardian is coming to Austin! As many of our customers are based in the US, we have decided to set up a base there, and what better place than Austin? So naturally, we are looking to support our local OWASP chapter.
OWASP has long been the gold standard central security resource for developers, engineers, and security professionals, and GitGuardian is thrilled to be able to support and contribute to the great work that OWASP is doing to help us continue to build secure applications.