January 21, 2020

GitLab is now a member of the OWASP Foundation

GitLab is thrilled to announce our membership in the OWASP Foundation. OWASP is a non-profit that works to improve the security of software through open-source projects, worldwide local chapters, tens of thousands of members, and educational/training conferences.

We leverage OWASP to help provide security features integrated into the development lifecycle via the Secure stage, and to defend your apps and infrastructure from security intrusions via the Protect stage. Our security team, which is responsible for the security posture of the company, products, and client-facing services, also leverages OWASP.

Our favorite OWASP initiatives

Our favorite OWASP initiatives include:

  • OWASP Top 10 - a standard awareness document for developers on web application security
  • WebGoat - a deliberately insecure application that allows interested developers to test commonly found vulnerabilities
  • ModSecurity WAF ruleset - a set of generic attack detection rules for use with web application firewalls
  • Zed Attack Proxy - a penetration testing tool designed for testing web applications
  • Benchmark - a test suite designed to evaluate the accuracy, coverage, and speed of automated software vulnerability detection tools
  • Find Security Bugs - find security bugs
  • Dependency Check - a tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies
  • Juice Shop - an intentionally insecure web application that can be used in security training and validation
  • Software Assurance Maturity Model - an open framework to help organizations formulate and implement a strategy for software security

Our membership allows us to support these OWASP projects while also allowing us to help shape the direction of the OWASP community.

OWASP AppSec California

Please meet us at OWASP's AppSec California conference, which we are sponsoring. It runs January 21 through January 24 in Santa Monica, CA.

We are hiring!

If all of this piques your interest, remember that GitLab is hiring for our engineering (Secure, Protect) and security teams! Please review our open jobs.
