A community of security professionals and stakeholders with the common goal of advancing the state of security in the area of application development.
Builders, Breakers and Defenders: the idea of OWASP Communities is to bring together experts in the areas they are best at, with the common goal of advancing the state of application security. This approach allows similar groups of professionals and experts to tackle security problems with the involvement of the most relevant stakeholders. The intent is to drive high-quality output that is immediately usable by the target audience. More information about this vision can be found here.
Want to contribute to the OWASP Builders Community?
Add your info and send an email to firstname.lastname@example.org
Get involved in the Developer Outreach by subscribing to the ...
The first priority of the Builders Community is to reach out to developers and ask what application security is lacking today. An initial lightweight outreach was performed in early March 2011.
Developers' Security Itches March 2011
The overall results of the initial outreach can be seen in the diagram below (categorization by John Wilander, full-text available via links below). This is a first glimpse at what developers think are the problems and challenges for application security.
"Lack of Security in Frameworks"
Here's what the developers said in the number one category "Lack of Security in Frameworks":
Question: What are your security itches?
- NMP (not my problem), aka should be handled by the used frameworks (spring, struts, etc). [Java and C# developer, 5 years of experience]
- The idea that you can tackle all security problems with spring security. [Java and C# developer, 5 years of experience]
- Things I don't have control over. 3rd party DB drivers, image libraries, all kinds of frameworks. [C# and Java developer, 10 years of experience]
- Frameworks missing mechanisms for solving common security problems (CSRF, http-only etc.) [Java+Ruby developer, 3 years experience]
- Lack of security support in frameworks. [Java developer, 15 years of experience]
- Picking secure components. [Java and Scala developer, 8 years of experience]