The Open Web Application Security Project focuses on improving the security of application software. Mozilla currently leverages many of OWASP’s resources within the design, development and testing of Mozilla web applications. The Mozilla infrastructure security team is actively integrating OWASP security guidance, such as the OWASP Top 10 and the OWASP Development Guide, into the software development and review life cycle. In addition, OWASP testing tools, such as the WebScarab proxy and the JBroFuzz fuzzing tool, are used during security testing and review to ensure that applications are properly protected against real world attacks. Currently, Mozilla is actively using the following OWASP resources:

• OWASP Top 10
• AppSensor
• Development Guide
• JBroFuzz
• WebScarab
• WebGoat

More Information

As an organizational supporter for 2010 Mozilla will enable OWASP to continue providing and enhancing these high quality resources. Funds from organizational supporters are also used to sponsor annual OWASP summits where hundreds of OWASP contributors from around the world converge to discuss security topics, to plan future projects, and to develop OWASP reference materials and tools. In addition to supporting the ongoing success of OWASP, aligning with OWASP is a good match for Mozilla due to the similar goals and principles of the two organizations. Like Mozilla, OWASP is an open organization that leverages the collective expertise of local contributors around the world. Under a FLOSS license all OWASP materials are available to everyone, regardless of membership.

By supporting OWASP, Mozilla will also be promoting the OWASP education project. The project’s goal is to establish relationships between OWASP and universities in order to provide computer science students with cutting edge, real-world application security knowledge. Professors and students can leverage OWASP’s free educational resources such as the security learning tool named "WebGoat".

As a corporate supporter of OWASP, Mozilla will demonstrate a continued focus and commitment to security and a willingness to promote the success of open organizations.