Johanna is an OWASP volunteer for the technical setup of the OWASP bounty projects, helping to define clear bounty scopes and working with the project leaders to make this a reality. Here are some highlights from a recent Q&A with Johanna Curiel of OWASP:
What unique appsec challenges do open source projects like OWASP face? One of our constant challenges is to get people to review and verify the quality of our projects, especially to verify the security of them. As you know, OWASP is a non-profit foundation and has limited resources regarding these activities.
As the authority on appsec, what does that mean for people using your projects? Many developers and companies looking to improve their application security are turning towards OWASP to use defender libraries. They implement these libraries to secure their critical applications. There is a certain level of implied trust in OWASP, and many users of these projects might forget or not be aware that many of them are Open Source and lack an expected security assurance review, which at the moment is not done by OWASP.
How can a bug bounty help alleviate that? Testing web applications for security can be a challenging task. But testing that security control libraries are robust in the face of attack is an even more difficult challenge for even the most sophisticated assessment professionals. A while ago I proposed the idea of launching a bug bounty for defender libraries to test those security controls. That idea grew to encompass projects, such as ZAP, which are being installed on clients.
How did you go about implementing that idea? As an open source organization, we turned to our community of volunteers, and some project leaders to set the guidelines for OWASP bug bounties, including the project qualifications and scope. You can read more of this here. We went through the process of looking into different service providers at the beginning of this year. After that process, Bugcrowd was selected as the platform to be utilized for stable and mature defender projects as a form of quality assurance.
Learn more about OWASP’s Bug Bounty Programs.