The Open Web Application Security Project (OWASP) is a not-for-profit organization focused on improving the security of software. I am excited to announce that I have joined the foundation as an Individual Member. This community provides many valuable services that help organizations improve security; these services include free open source tools, extensive information, videos, and conferences. Several of my favorite resources include:
- OWASP Top 10 List – The Top 10 List is a great place to learn about the most common vulnerabilities your application might encounter. The latest refresh for 2017 is currently in progress.
- OWASP ZAP (Zed Attack Proxy) – A free, open source tool for finding vulnerabilities in your applications. You can use this tool interactively or through an automated CI/CD process.
- OWASP Cheat Sheets – Quick reference guides for specific topics that help ensure all areas in a topic are covered.
At Deliveron we understand how important security’s role is in software development. We will continue to share our experiences in building secure applications using continuous security validation throughout the application lifecycle with Microsoft VSTS (Visual Studio Team Services), TFS (Team Foundation Server), and various security testing / quality tools such as OWASP ZAP.
I will begin with a series of upcoming posts where I plan to cover aspects of a secure application including infrastructure, application architecture, continuous security validation, and monitoring. Following this, I will dive deeper into how we are using our expertise to help clients establish continuous security validation in a CI/CD pipeline.
Feel free to contact us if you have any questions about developing secure applications with continuous security validation using Microsoft VSTS.