Jan 21, 2020 - Wayne Haber    

GitLab is now a member of the OWASP Foundation

GitLab is thrilled to announce our membership in the OWASP Foundation.

GitLab is thrilled to announce our membership in the OWASP Foundation. OWASP is a non-profit that works to improve the security of software through open-source projects, worldwide local chapters, tens of thousands of members, and educational/training conferences.

We leverage OWASP to help provide security features integrated into the development lifecycle via the Secure stage and defending your apps and infrastructure from security intrusions via the Protect stage. We also leverage OWASP on our security team who are responsible for the security posture of the company, products, and client-facing services.

Our favorite OWASP initiatives

Our favorite OWASP initiatives include:

  • OWASP Top 10 - standard awareness document for developers for web application security
  • WebGoat - a deliberately insecure application that allows interested developers to test commonly found vulnerabilities
  • ModSecurity WAF ruleset - a set of generic attack detection rules for use with web application firewalls
  • ZED Attack Proxy - a penetration testing tool designed for testing web applications
  • Benchmark - a test suite designed to evaluate the accuracy, coverage, and speed of automated software vulnerability detection tools
  • Find Security Bugs - find security bugs
  • Dependency Check - a tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies
  • Juice Shop - an intentionally insecure web application that can be used in security training and validation
  • Software Assurity Maturity Model - an open framework to help organizations formulate and implement a strategy for software security

Our membership allows us to support these OWASP projects while also allowing us to help shape the direction of the OWASP community.

OWASP AppSec California

Please meet us at OWASP's AppSec California conference, which we are sponsoring. It is Jan 21 thru Jan 24 in Santa Monica, CA.

We are hiring!

If all of this piques your interest, a reminder that GitLab is hiring for our engineering (secure, protect) and security teams! Please review our open jobs.

Free eBook: The benefits of single application CI/CD Download the ebook to learn how you can utilize CI/CD without the costly integrations or plug-in maintenance. Learn more Arrow

Try all GitLab features - free for 30 days

GitLab is more than just source code management or CI/CD. It is a full software development lifecycle & DevOps tool in a single application.

Try GitLab Free
Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license

Try GitLab risk-free for 30 days.

No credit card required. Have questions? Contact us.

Gitlab x icon svg