OWASP is a free and open, community-based security project that provides an absolute wealth of knowledge, tools and papers to help anyone involved in designing, developing, deploying or supporting a web application to ensure security is built in from the ground up and that the overall product is as secure as it can be.
Because it is so free and open, you can visit the site right now and check out some of the really cool things like:
- A PHP security library.
- The OWASP top 10.
- The Development Guide.
- Secure Coding Practices.
- Loads more things…
All for free: literally thousands of hours' worth of work from some of the top security professionals in the world, available completely for free. It is brilliant, and why the internet is just a great place to work.
OWASP is split into localised chapters, with new ones popping up all the time. My local chapter would be the Dublin-based one (so I use the term local very very loosely, I even have to take out crazy fake money when I go down there!).
Again, you can join chapters for free; this gives you access to mailing lists and free talks that get put on as regularly as can be organised. In my opinion anyone who gives half a crap about the security of the web applications they are creating should be attending these talks as often as they can. I mean it is free, you are getting free security advice from professionals who have proven their chops many times over.
The other thing you can do, and the real point of my post, is that you can become a paid supporter. This costs a minimum of $50, which I think is more than fair for the amount of excellent information available on their site alone (ignoring the talks organised by chapters). In fact, I say more than fair – I have spent more on ale in an evening, and I am willing to bet you have chucked away more than $50 on lesser causes before.
By rights the $50 should just get you the nice feeling of knowing you have contributed to an excellent cause, but it doesn’t end there. OWASP is such an awesome project that occasionally there will be extra talks or training sessions put on for paid-up members by way of a thank you. That is just bloody awesome: to get to talk to some of the top security professionals in the world or to get trained by them, $50 is a steal.