The Open Web Application Security Project (OWASP) is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.
The best known is the OWASP Top 10:
The organization has also produced several good products, such as ModSecurity, a WAF that is integrated into the web server:
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave’s SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analys…
The OWASP Core Rule Set (CRS), which is used together with ModSecurity:
OWASP holds many conferences every year, and the conference topics can all be watched on YouTube: