{"id":18583,"date":"2022-03-24T09:20:53","date_gmt":"2022-03-24T17:20:53","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/03\/24\/news-12316\/"},"modified":"2022-03-24T09:20:53","modified_gmt":"2022-03-24T17:20:53","slug":"news-12316","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/03\/24\/news-12316\/","title":{"rendered":"Five OWASP Projects You Should Know About"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2022\/02\/Copy-of-Featured-image-for-Sophos-News-Nak-Sec-36.png\"\/><\/p>\n<p><strong>Credit to Author: stephenlawton | Date: Mon, 21 Mar 2022 10:00:03 +0000<\/strong><\/p>\n<div class=\"entry-content lg:prose-lg mx-auto prose max-w-4xl\">\n<p>The Open Web Application Security Project (OWASP) is famously known for its Top 10 project; however, it supports and promotes many other great projects that could help your organization\u2019s cybersecurity posture.<\/p>\n<p>There are dozens of open projects supported in some way or capacity by OWASP, and not all of them are strictly web-application specific. I\u2019ve compiled this list of five (non-Top 10) projects that you should know about.<\/p>\n<h3>Application Security Verification Standard<\/h3>\n<p><a href=\"https:\/\/owasp.org\/www-project-application-security-verification-standard\/\"><b>Application Security Verification Standard<\/b><\/a><b> (ASVS)<\/b> is an open standard to ensure your apps are built securely from a best-practices perspective. While there are hundreds of controls, ASVS is broken down into three tiers depending on the type of data processed by the application.<\/p>\n<p>What I love most about ASVS is that it\u2019s as prescriptive as it can get, unlike other guidance that can sometimes feel too vague.<\/p>\n<h3>Security Knowledge Framework (SKF)<\/h3>\n<p>Providing secure code training to developers can be costly in terms of time and licensing costs. OWASP maintains the <a href=\"https:\/\/www.securityknowledgeframework.org\/\">Security Knowledge Framework<\/a>, which provides a platform to integrate ASVS and MASVS requirements into your sprint planning while also providing tons of labs for developers to practice secure coding principles.<\/p>\n<h3>Cheat Sheet Series<\/h3>\n<p>The OWASP Cheat Sheet Series is a goldmine of information if you want sound tactical guidance on application security. It covers everything from Security Assertion Markup Language (SAML) and threat modeling to cryptography and containers.<\/p>\n<h3>Nightingale<\/h3>\n<p>Do you dabble or work in penetration testing? Think it would be nifty to have a container image prebaked with everything you need, including Metasploit? Then check out <a href=\"https:\/\/owasp.org\/www-project-nightingale\/\">Nightingale<\/a>, which does this for you.<\/p>\n<h3>CycloneDX<\/h3>\n<p>Software Bills of Materials (SBOMs) are all the rage these days. <a href=\"https:\/\/cyclonedx.org\/\">CycloneDX<\/a> is the leading SBOM standard designed primarily for security needs. I predict most Software Composition Analysis-type tools will standardize on this for SBOM export features.<\/p>\n<\/div>\n<p><a href=\"https:\/\/news.sophos.com\/en-us\/2022\/03\/21\/five-owasp-projects-you-should-know-about\/\" target=\"bwo\">http:\/\/feeds.feedburner.com\/sophos\/dgdY<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2022\/02\/Copy-of-Featured-image-for-Sophos-News-Nak-Sec-36.png\"\/><\/p>\n<p><strong>Credit to Author: stephenlawton | Date: Mon, 21 Mar 2022 10:00:03 +0000<\/strong><\/p>\n<p>From standards to apps, there&#8217;s something for everyone
<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10377],"tags":[10402,12178,24562,8701],"class_list":["post-18583","post","type-post","status-publish","format-standard","hentry","category-security","category-sophos","tag-independent-testing","tag-owasp","tag-products-services","tag-standards"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18583","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18583"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18583\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18583"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18583"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18583"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}