
The non-profit Open Web Application Security Project (OWASP) is a foundation that works to improve software security. It was launched on December 1, 2001, and since then it has continuously helped developers with free guides and resources.

WSTG 4.1, of course

The guides are free, and you are free to join the project. They cover several topics, and their pages offer help for several types of development.

One of OWASP’s flagships is the OWASP Top Ten project, which points to the top 10 critical issues affecting web applications. In recent years, this project has become an industry-accepted common reference base.

Following in the footsteps of the Top Ten, the Web Security Testing Guide, already recommended for testing web applications, has been developed. This document helps ethical hackers examine web applications. The book is constantly evolving, with the latest version released on April 12, 2020.

The OWASP Application Security Verification Standard is not only for security professionals; it is also recommended for developers. The official version 4.0.1 was released on March 2, 2019, and a version of it, also found on GitHub, is constantly being developed. It is particularly interesting that it categorizes applications according to three security levels and makes recommendations for each level, thus helping developers to orient themselves.

The OWASP Mobile Security Testing Guide helps you test mobile applications. This guide is not only for security experts; it also allows developers to easily review the requirements for a secure mobile app, be it an Android or even an iOS app. Moreover, most of the tips and tricks in this material are a must-read for any mobile developer!

What has OWASP given us?

Plenty of research and development support. The freely available knowledge accumulated over the years has helped make many applications secure. It gave us hackers an open-source standard that is generally accepted by the industry. It created a reference base and laid the foundations for a common language for application security.

The hackers of Whiteshield Ltd. have been working according to the guidelines of OWASP for years. The reports that result from our security investigations are also based on these principles. The description of the vulnerabilities in this document helps developers to fix the bugs with direct links, because the purpose of each assessment is not only to find the bugs, but also to provide guidelines for fixing them.