What is OWASP?
OWASP (Open Web Application Security Project) is the name of an open source project that was born in 2001 and became a non-profit foundation in 2004. An initiative that has now become a standard methodology when it comes to structuring and analysing the vulnerabilities of all types of software and hardware. An unavoidable reference within the world of cybersecurity.
The objective of the OWASP methodology is based on two main objectives. On the one hand, to warn developers of the dangers that orbit the Internet and the most frequent mistakes that are made when designing and creating software and hardware. On the other hand, offering free access tools with which to analyse the security of the solutions and devices that they launch on the market.
Initially, OWASP landed in the cybersecurity universe as a tool to contain web security threats, but over time it has evolved. Its scope of action today also includes mobile applications, IoT devices, APIs or privacy risks, among others. Its reports on the top ten vulnerabilities are a constant reference for developers and cybersecurity analysts around the world.
Cybersecurity articles related to OWASP
Here are some technical articles on cybersecurity related to OWASP that have been published on Tarlogic’s website.
- Introduction: IoT and embedded devices security analysis following OWASP
- Best practices: IoT Security assessment
- OWASP Top 10 Web Application Vulnerabilities
- OWASP SCVS: Reducing Risks in the Software Supply Chain
- Mobile Apps Security Testing (OWASP MASVS)
Cybersecurity services related to OWASP
Web Security Audit: We apply OWASP to audit the security of web applications and APIs, identifying security issues that affect privacy, confidentiality, and availability, and defining an action plan both in the application code and in the infrastructure.
- More information: Web Security Audit
Mobile Application Audit: Comprehensive set of security and privacy tests specially developed for conducting audits of mobile applications on Android and iOS.
- More information: Mobile application security audits
IoT Security Testing: The IoT security assessment services allow to identify potential security issues of the device, understand security flaws in the data exchange process, and analyze the security implications of the technology used.
- More information: IoT Security Testing
Reverse Engineering and Hardware Hacking services: Security evaluation of hardware devices through physical ports and reverse engineering tests of software and firmware to assess the protection of a binary
- More information: Reverse Engineering and Hardware Hacking services