---
title: "GitLab is now a member of the OWASP Foundation"
author: Wayne Haber
author_gitlab: whaber
author_twitter: waynehaber
categories: security
image_title: "/images/blogimages/Owasp_logo.jpg"
description: "GitLab is thrilled to announce our membership in the OWASP Foundation."
tags: events, news, open source, security
merch_banner: merch_three
twitter_text: "We're working hard on security and have joined @owasp. Find out what that means for @gitlab customers "
featured: yes
---

GitLab is thrilled to announce our membership in the [OWASP Foundation](https://www2.owasp.org/). OWASP is a non-profit that works to improve the security of software through open-source projects, worldwide local chapters, tens of thousands of members, and educational and training conferences.

We draw on OWASP in two ways: to provide security features integrated into the development lifecycle via the [Secure stage](/stages-devops-lifecycle/secure/), and to defend your applications and infrastructure from intrusions via the [Defend stage](/stages-devops-lifecycle/defend/). Our [security team](/handbook/engineering/security/), which is responsible for the security posture of the company, its products, and its client-facing services, also relies on OWASP resources.
## Our favorite OWASP initiatives

Our favorite OWASP initiatives include:

* [OWASP Top 10](https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project) - the standard awareness document for developers on web application security risks
* [WebGoat](https://www2.owasp.org/www-project-webgoat/) - a deliberately insecure application that lets developers study commonly found vulnerabilities hands-on
* [ModSecurity Core Rule Set](https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project) - a set of generic attack detection rules for use with web application firewalls
* [Zed Attack Proxy (ZAP)](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) - a penetration testing tool designed for testing web applications
* [Benchmark](https://www.owasp.org/index.php/Benchmark) - a test suite designed to evaluate the accuracy, coverage, and speed of automated software vulnerability detection tools
* [Find Security Bugs](https://www.owasp.org/index.php/OWASP_Find_Security_Bugs) - a static analysis plugin that finds security bugs in Java applications
* [Dependency Check](https://www.owasp.org/index.php/OWASP_Dependency_Check) - a tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies
* [Juice Shop](https://www2.owasp.org/www-project-juice-shop/) - an intentionally insecure web application that can be used in security training and validation
* [Software Assurance Maturity Model (SAMM)](https://www.owasp.org/index.php/OWASP_SAMM_Project) - an open framework to help organizations formulate and implement a strategy for software security

Our membership allows us to support these OWASP projects while also helping to shape the direction of the OWASP community.

## OWASP AppSec California

Please meet us at [OWASP's AppSec California conference](https://2020.appseccalifornia.org/), which we are sponsoring. It runs from January 21 through January 24 in Santa Monica, CA.

## We are hiring!
If all of this piques your interest, a reminder that GitLab is hiring for our engineering (Secure, Defend) and security teams! Please review our [open jobs](/jobs/apply/).