GitLab is thrilled to announce our membership in the OWASP Foundation. OWASP is a non-profit that works to improve the security of software through open-source projects, worldwide local chapters, tens of thousands of members, and educational/training conferences.
We leverage OWASP to help provide security features integrated into the development lifecycle via the Secure stage and to defend your apps and infrastructure from security intrusions via the Protect stage. Our security team, which is responsible for the security posture of the company, products, and client-facing services, also leverages OWASP.
Our favorite OWASP initiatives
Our favorite OWASP initiatives include:
- OWASP Top 10 - a standard awareness document for developers on web application security
- WebGoat - a deliberately insecure application that allows interested developers to test commonly found vulnerabilities
- ModSecurity WAF ruleset - a set of generic attack detection rules for use with web application firewalls
- Zed Attack Proxy - a penetration testing tool designed for testing web applications
- Benchmark - a test suite designed to evaluate the accuracy, coverage, and speed of automated software vulnerability detection tools
- Find Security Bugs - find security bugs
- Dependency Check - a tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies
- Juice Shop - an intentionally insecure web application that can be used in security training and validation
- Software Assurance Maturity Model - an open framework to help organizations formulate and implement a strategy for software security
Our membership allows us to support these OWASP projects while also allowing us to help shape the direction of the OWASP community.
OWASP AppSec California
Please meet us at OWASP's AppSec California conference, which we are sponsoring. It runs Jan 21 through Jan 24 in Santa Monica, CA.
We are hiring!
If all of this piques your interest, a reminder that GitLab is hiring for our engineering (secure, protect) and security teams! Please review our open jobs.