We are pleased to announce that the first release of the Open Web Application Security Project “Guide to Building Secure Web Applications” is now online in both PDF (1.67Mb) and HTML. The Guide covers various web application security topics from architecture to preventing attack specifics like cross-site scripting, cookie poisoning and SQL injection. It's 80 pages of pure web application security and no vendor marketing in sight! The document is released under the GNU documentation license and was a community volunteer effort. Big kudos to all those involved.

You can download the Guide from the front page at http://www.owasp.org

This is just one of several projects underway, including an open source web application scanner called WebScarab (due end of the year), a set of generic APIs called Filters to allow developers to easily protect their applications from malicious input / output such as XSS (due in next 3 months) and a formal testing methodology. Future projects include an intentionally buggy application for testing and learning, called WebMaven.

Oh, and did we mention it's all open source and free!

If you like the work, want to contribute or have suggestions for improvements, please drop us a mail: owasp@owasp.org

The Open Web Application Security Project
http://www.owasp.org