Founded in 2001 as an open-source security community centered around the goal of spreading application security awareness, the Open Web Application Security Project (OWASP) is most famous for its OWASP Top 10, which has become the industry gold standard for application security.
Powered by a global network of over 42,000 security-aware volunteers, OWASP draws its members from educational and government institutions, large corporations and more. This highly active community produces content, organizes events, and publishes articles, methodologies, tools and technologies, all of which are free and available to everyone. All OWASP projects and events are managed and backed by the OWASP Foundation, which is a 501(c)(3) charitable organization.
One of the factors that allows OWASP to produce such high-quality application security content without any inherent biases is that OWASP is not affiliated with any specific organization, although it receives support from its active community members.
First appearing in 2003 and continuing with regular updates, the OWASP Top Ten is a compilation of the Top 10 Most Critical Application Security Risks. It is produced with the goal of empowering developers and security teams to ensure that the applications they build are secure against the most critical risks.
As application security threats are constantly evolving, the list is revised over time; the current OWASP Top 10 is the 2017 edition. This list includes detailed best practices for both the detection and remediation of vulnerabilities. Building on the success of the original OWASP Top Ten for web applications, OWASP has produced further “Top 10” lists for Internet of Things vulnerabilities and for the top mobile development security risks.
OWASP members compile the lists by examining both the occurrence rate and the overall severity of each threat. Certain threats appear often but are easy to prevent, detect and mitigate, while others are potentially deadly but rarely found “in the wild.”