Embracing the OWASP Top 10


In a previous article, I briefly talked about the Open Web Application Security Project (OWASP), and based on some recent projects I wanted to shed some light on this incredible organization. Established in 2001, OWASP's mission is simply to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Because OWASP provides best practices, guidelines, advice and tools, web applications built with them in mind have become more secure. Unlike other security organizations, OWASP's strength lies in an open, global community that is independent of commercial pressures, which lets it offer the most effective and innovative approaches to security. Organizations and practitioners alike can use OWASP's resources to reduce the security exposure of their applications, with the level of trust that an open community provides.

My first one-on-one interaction with OWASP was during one of my late Monday night security training courses. The class talked in detail about following the OWASP Top 10 list and using that document as a guide to making sure applications are secure. That served as a catalyst to my understanding and use of OWASP resources. Without a doubt, the OWASP Top 10 is the most popular project in the community. Notably, the PCI Council relies on it for PCI DSS, as do other large companies such as Microsoft, Oracle and Citrix. In addition, the U.S. Defense Information Systems Agency (DISA) recommends using the Top 10 for the DoD Information Assurance Certification and Accreditation Process (DIACAP).

"So, what is the Top 10 all about?" you might ask. The value of the Top 10 is that it serves as an awareness document that identifies risks for organizations, and the 2013 edition marks the 10th anniversary of the Top 10 (last updated in 2010). It covers items like SQL injection attacks under the A1-Injection section and provides cheat sheets that engineers can use to prevent such flaws. It should be noted that OWASP is not limited to the Top 10 list; there are many other projects covering guides, tools for both learning and day-to-day work, and code that you can put to use.

Throughout the last decade I have found OWASP to be a valuable resource that I'd recommend to all security practitioners. I'm happy to say Ipswitch is now sponsoring OWASP so that the project can continue to help improve security awareness. At Ipswitch, we believe in OWASP's mission and core values, want to see the continued success of the OWASP community, and intend to stay engaged with it. I definitely recommend checking out the projects and resources at OWASP if you haven't already.

I’m interested in hearing about any tips or recommendations based on OWASP that you may have—please share below in the comments section.

This entry was posted in Auditing, Compliance, Security.


About the author: Steve Staden

Steve Staden, CISSP, is responsible for product line management and strategy. His broad skill set includes general management, integration, PLM, SDLC, Agile/Scrum and computer security. Steve has worked with the MOVEit line of products for over 10 years and is an expert in all things MOVEit.

Most recently, Steve was the Director of Development and QA for the Ipswitch FT division, where he led all development projects, processes and releases. Before that, Steve worked as a Development Manager and Security Analyst leading small development teams on MessageWay, MOVEit and WS_FTP Server releases.

Before Ipswitch, Steve worked for Standard Networks (acquired by Ipswitch in 2008) in the support and professional services area. He then created and led the QA department for Standard Networks as QA Manager, improving automation and test coverage. Steve has a B.S. degree in Computer Science and Finance from Northern Illinois University and an M.B.A. from the University of Wisconsin.