Research


OWASP AppSensor
Creator of the OWASP AppSensor Project

The goal of the AppSensor project is to establish an automatic intrusion prevention framework that can be integrated into an application to provide application-specific attack detection and response. The difference between AppSensor and other intrusion prevention approaches is that AppSensor is built into the application code itself. This key distinction gives AppSensor full visibility into all types of attacks against an application, including access control attacks, business logic attacks, violations of custom input filtering, and attempted exploitation of connected systems. Further, AppSensor's integration into the application allows an immediate and automatic response that neutralizes malicious users by logging out or disabling the attacker's account.

Find out more about OWASP AppSensor
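
The in-application detection and response idea described above, as an added sketch that is not AppSensor's own code or API: application code reports an event at the point where it detects a violation, and a per-user threshold triggers a logout or an account disable. The detection-point names, thresholds and the `InAppMonitor` class are assumptions made for this example.

```python
import time
from collections import defaultdict, deque

# Hypothetical detection-point names and thresholds (constructed for this example).
# Each rule: (event count that triggers, window in seconds, response).
RULES = {
    "ACCESS_CONTROL": (3, 60, "logout"),                  # e.g. asking for another user's record
    "INPUT_FILTER_BYPASS": (2, 300, "disable_account"),   # a value the UI could never send
}

class InAppMonitor:
    """Counts detection-point events per user; returns a response when a threshold is hit."""

    def __init__(self, rules=RULES, clock=time.time):
        self.rules = rules
        self.clock = clock
        self.events = defaultdict(deque)   # (user, point) -> event timestamps
        self.disabled = set()
        self.sessions = set()

    def login(self, user):
        if user in self.disabled:          # a disabled account cannot start a session
            return False
        self.sessions.add(user)
        return True

    def report(self, user, point):
        """Called from application code at the place where the violation is detected."""
        limit, window, response = self.rules[point]
        now = self.clock()
        stamps = self.events[(user, point)]
        stamps.append(now)
        while now - stamps[0] > window:    # drop events that fell outside the window
            stamps.popleft()
        if len(stamps) < limit:
            return "log_only"
        stamps.clear()                     # the next response needs fresh events
        self.sessions.discard(user)        # both responses end the current session
        if response == "disable_account":
            self.disabled.add(user)
        return response

def demo():
    t = [0.0]                              # controllable clock for a repeatable run
    m = InAppMonitor(clock=lambda: t[0])
    m.login("mallory")
    out = []
    for step in (0, 10, 20):               # constructed events: three within 60 s
        t[0] = step
        out.append(m.report("mallory", "ACCESS_CONTROL"))
    return out, "mallory" in m.sessions
```

Because the events are raised by the application itself, the monitor sees the authenticated user and the business context of each violation, which a network-level control would have to infer.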


OWASP Transport Layer Protection Cheat Sheet
Primary author of the OWASP TLS Protection Cheat Sheet.

Although SSL is a widely discussed security control, it is also often misunderstood and implemented incorrectly within applications. The Transport Layer Protection cheat sheet was created in response to the need for clear guidance on the secure use of SSL/TLS. This guide joins the OWASP cheat sheet series, which includes other successful cheat sheets such as the XSS Prevention Cheat Sheet and SQL Injection Prevention Cheat Sheet.

Find out more about the TLS Protection Cheat Sheet


OWASP Top 10 2010 
One of the 10 primary contributors to the 2010 OWASP Top 10.

The Top 10 document provides information on the "ten most critical web application security risks." This document is referenced throughout the application security industry and has also been adopted by the Payment Card Industry (PCI) standard as a requirement for certification.

Find out more about the OWASP Top 10