Commercial Services

Home
{| width="100%" ! width="33%" | ! width="33%" | ! width="33%" |
 * - valign="top"

Join OWASP
How to join OWASP

The professional association of OWASP Foundation is a not-for-profit 501c3 charitable organization not associated with any commercial product or service.


 * Membership information.



Get Listed
How to get your company listed

Question: What do you need from us?

Answer: For each type of service (Verification, Implementation Services, Process Improvement, and Training), one has to first choose what services of a given type one is offering. For example, for Verification, one can choose from any combination of ASVS levels 1A, 1B, 1, 2A, 2B, 2, 3, 4. Next, one has to provide the information requested in the paragraph above the table, let's keep using Verification as an example, starting from the second half of the paragraph: "Provider listings are required to include the following information..." -- this sentence provides a list of the information needed. The "Acme Application Security Co." is a fictional company listing that provides an example of a listing that provides the needed information.

Question: How many categories can we be listed under (we fall under a couple)

Answer: You can be listed once for each type of service (Verification, Implementation Services, Process Improvement, and Training). So, one company could have up to four listings, one on each tab. Then, in each listing, one can include one or more specific services of that type. The "Acme Application Security Co." is a fictional company on the Verification tab for example provides both ASVS Level 1A and 1B verification services.

Please let Kate know if you have any further questions, or need any additional information.

To be listed in the OWASP Commercial Services Registry, contact Kate Hartmann.



Related resources
OWASP Resources


 * OWASP Top Ten
 * OWASP ASVS
 * OWASP ESAPI
 * OWASP SAMM
 * OWASP Development Guide
 * OWASP Code Review Guide
 * OWASP Testing Guide


 * }

Verification
Commercial OWASP ASVS verification providers are listed below. 'Organizations listed are not accredited by OWASP. Neither their products nor services have been endorsed by OWASP.' Organizations listed either use ASVS or will help you use it. Provider listings are required to include the following information: company name and link to corporate web site, company location and markets served, company area(s) of application technology expertise, ASVS verification levels offered; approach to performing verifications, and contact name and email. Listings are not allowed to exceed 100 words.

Implementation Services
Commercial OWASP ESAPI implementation service providers are listed below. 'Organizations listed are not accredited by OWASP. Neither their products nor services have been endorsed by OWASP.' Organizations listed either use ESAPI or will help you use it. Provider listings are required to include the following information: company name and link to corporate web site, company location and markets served, company area(s) of application technology expertise, ESAPI implementation service platforms offered; approach to performing implementations, and contact name and email. Listings are not allowed to exceed 100 words.

Process Improvement
Commercial OWASP SAMM process improvement providers are listed below. 'Organizations listed are not accredited by OWASP. Neither their products nor services have been endorsed by OWASP.' Organizations listed either use SAMM or will help you use it. Provider listings are required to include the following information: company name and link to corporate web site, company location and markets served, company area(s) of application technology expertise, SAMM business function process improvement services offered; approach to performing process improvement, and contact name and email. Listings are not allowed to exceed 100 words.

Training
Commercial OWASP Guide training providers are listed below. 'Organizations listed are not accredited by OWASP. Neither their products nor services have been endorsed by OWASP.' Organizations listed either use OWASP Guides or will help you use them. Provider listings are required to include the following information: company name and link to corporate web site, company location and markets served, company area(s) of application technology expertise, OWASP Guide training offered; approach to performing training, and contact name and email. Listings are not allowed to exceed 100 words.