13 comments

[ 2.0 ms ] story [ 37.4 ms ] thread
Is the meaning of OWASP a commonly known thing? I've never heard of it and their GitHub repository README fails to expand on its meaning.
It's a community of web application security professionals of varying sorts. It's a very weird organization.
I don't understand why web professionals are publishing their work in .docx format, whatever the standard of the writing.
The Open Web App Security Project has a pretty good (but alas not very up-to-date) catalogue of common web application exploits.
Could you point me to alternatives that are more up-to-date?
Nope. There is a presentation on cookie tossing, but scant else.
OWASP is fantastic organisation of Web Application Professionals. Some of their early work was the publication of the OWASP Top Ten, which went a long way to highlighting the importance web application security to organisations.

But they have become less and less relevant in recent years, rather than more relevant. Their previous work on the OWASP Testing Guide, and OWASP Developer Guide are excellent, but are becoming dated now; there are several efforts to bring this up to date.

This is like....seriously one of the worst documents I've ever read.
I really want OWASP to be high quality and up-to-date because I feel like there are too many commercial efforts out there; it takes away from the old school hacker community spirit to see all these books on Amazon, hack this, and hack that. OWASP folks are really great people, and I feel like there could be more urgency and edge to what they do.