The Open Web Application Security Project (OWASP) is an open source community project that develops software tools and knowledge-based documentation that helps people secure web applications and web services. OWASP is an open source reference point for system architects, developers, vendors, consumers, and security professionals involved in designing, developing, deploying, and testing the security of web applications and web Services. In short, the OWASP aims to help everyone and anyone to build more secure web applications and web services. One of the best aspects of the OWASP testing guide is its comprehensive description of determining the business risk presented by findings. The OWASP testing guide rates risk based on the impact it could have to the business, and the chance it will occur. By those aspects described in the OWASP testing guide, the overall risk rating of a given finding can be found out, which gives the organization appropriate guidance based on the result of their findings.
The OWASP testing guide primarily focuses on the following:
- Techniques and tools in web-application testing
- Information-gathering
- Authentication testing
- Business logic testing
- Data-validation testing
- Denial-of-service attack testing
- Session-management testing
- Web services testing
- AJAX testing
- Risk severity
- Likely hood of risk