Open Web Application Security Project (OWASP)
The Open Web Application Security Project, or OWASP (since 2023 the acronym is expanded as Open Worldwide Application Security Project), is an international non-profit organization dedicated to application security. One of OWASP's core principles is that all of its material is freely available and easily accessible on its website, so that anyone can improve the security of their own web applications. The material includes documentation, tools, videos, and discussion forums. Its best-known project is the OWASP Top 10, a regularly updated awareness document that describes the ten most critical web application security risks; it is compiled by a team of security experts from around the world. Each entry explains the risk, how to test for it, and how to prevent it. The Top 10 is a starting point for prioritising effort, not a complete list of everything an application must defend against.
The OWASP Web Security Testing Guide and Code Review Guide give developers and assessors practical information for evaluating software. The testing guide describes techniques an organization can apply to find common security issues in web applications and services; the code review guide describes how to review source code so that more secure software is produced. OWASP also recommends (the Top 10 has an entry on security logging and monitoring failures) that web developers implement logging and monitoring together with an incident response plan, so that attacks against their applications are detected and acted on rather than going unnoticed.
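The logging and monitoring recommendation above is easier to act on with a concrete shape in mind. The following Python example is added here for illustration and is not OWASP's own code: one function emits structured security events (identifiers only, never the submitted credential), and a second scans a stream of those events for failed-login bursts. The event schema, field names, the 5-failures-in-5-minutes threshold, and the sample log lines are all assumptions constructed for this example.

```python
"""Security event logging plus a simple monitor, in the spirit of the
OWASP Top 10 entry on security logging and monitoring failures.

Added illustrative example, not OWASP's own code. The event schema,
field names, thresholds and sample data below are assumptions.
"""
import json
import logging
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Optional

# --- Logging side: one structured JSON line per security event ---

logger = logging.getLogger("security")
logger.setLevel(logging.INFO)
_handler = logging.StreamHandler()
_handler.setFormatter(logging.Formatter("%(message)s"))
logger.addHandler(_handler)


def log_security_event(event: str, *, user: str, source_ip: str, outcome: str,
                       when: Optional[datetime] = None) -> str:
    """Write a structured security event and return the JSON line.

    Only identifiers are logged: never the submitted password, session
    token or other secret (logging those is itself a finding).
    """
    record = {
        "ts": (when or datetime.now(timezone.utc)).isoformat(),
        "event": event,          # assumed event name, e.g. "auth.login"
        "user": user,
        "src_ip": source_ip,
        "outcome": outcome,      # "success" | "failure"
    }
    line = json.dumps(record, sort_keys=True)
    logger.info(line)
    return line


# --- Monitoring side: detect failed-login bursts in the log stream ---

def detect_bruteforce(lines, *, threshold=5, window=timedelta(minutes=5)):
    """Return (alerts, parse_errors) for any (src_ip, user) pair with at
    least `threshold` failed logins inside a sliding time window.

    Malformed lines are counted rather than silently dropped: a monitor
    that ignores input it cannot parse can be blinded by such input.
    """
    failures = defaultdict(list)  # (src_ip, user) -> [timestamps in window]
    alerts = []
    alerted = set()
    parse_errors = 0
    for line in lines:
        try:
            rec = json.loads(line)
            ts = datetime.fromisoformat(rec["ts"])
        except (ValueError, KeyError, TypeError):
            parse_errors += 1
            continue
        if rec.get("event") != "auth.login" or rec.get("outcome") != "failure":
            continue
        key = (rec.get("src_ip"), rec.get("user"))
        bucket = failures[key]
        bucket.append(ts)
        # keep only the failures that fall within the window ending at this event
        failures[key] = bucket = [t for t in bucket if ts - t <= window]
        if len(bucket) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"key": key, "count": len(bucket),
                           "last_seen": ts.isoformat()})
    return alerts, parse_errors


def demo():
    """Constructed sample: 6 failures from one IP in 100 seconds, one
    unrelated success, and one malformed line."""
    base = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    lines = [
        log_security_event("auth.login", user="alice", source_ip="203.0.113.7",
                           outcome="failure", when=base + timedelta(seconds=20 * i))
        for i in range(6)
    ]
    lines.append(log_security_event("auth.login", user="bob", source_ip="198.51.100.2",
                                    outcome="success", when=base))
    lines.append("not json at all")  # constructed malformed line
    return detect_bruteforce(lines)


if __name__ == "__main__":
    found, bad = demo()
    print(found, bad)
```

The point of the split is that the logging side decides what is worth recording (who, from where, which outcome, when) while the monitoring side turns those records into something a responder acts on; an application that only writes a free-text "login failed" line has done the first half and made the second half needlessly hard.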