OWASP and OSINT: More on Cybersecurity, Privacy and Anonymity
Today, we will continue with our entries related to the topic of Informatic security (Cybersecurity, Privacy and Anonymity) and for them we will focus on OWASP y OSINT.
While, OWASP is an open source project dedicated to determining and combating the causes that make software unsafe, OSINT is a set of techniques and tools used to collect public information, correlate data and process it, in order to obtain useful and applicable knowledge for certain objectives or areas.
Information Security: History, Terminology and Field of Action
Before getting into the topic of OWASP y OSINT, as usual, we recommend that after reading this publication, explore the content of other of our previous publications related to the topic of Informatic security.
… It is good to point out that the concept related to Information Security should not be confused with that of Computer Security, since, while the first refers to the protection and safeguarding of the integral information of a Subject (Person, Company, Institution, Agency, Society, Government), the second only focuses on safeguarding the data within a computer system as such. Information Security: History, Terminology and Field of Action
OWASP and OSINT: Organizations, Projects and Tools
What is OWASP?
According to the official website of OWASP is
"An Open Web Application Security Project (OWASP) run by a non-profit foundation of the same name that works to improve software security. And whose structure includes the development of community-led open source software projects. Said Foundation currently has more than 200 local sections around the world, tens of thousands of members and conducts leading educational and training conferences in the sector."
Hence, it is clear that the target full OWASP Foundation is
"Being an open community dedicated to enabling organizations to conceive, develop, acquire, operate and maintain applications that can be trusted. And for them, all their projects, tools, documents, forums and chapters created are free and open to anyone interested in improving application security."
OWASP projects
All Software Projects and Tools elaborated by OWASP can be viewed in your Projects Section, and also on their official website at GitHub. And among the best known we can mention the following:
- OWASP Top 10: Project consisting of a standard awareness document for web application developers and security. And that represents a broad consensus on the most critical security risks for them.
- Web Security Testing Guide (WSTG): Project consisting of a Web Security Testing Guide that produces the premier cybersecurity testing resource for web application developers and security professionals. Therefore, it is an excellent and comprehensive guide to testing web service and application security, as it provides a framework of best practices used by penetration testers and organizations around the world. There is also one for applications .
What is OSINT?
Given that OSINT It is, as we stated at the beginning: "a set of techniques and tools used to collect public information, correlate data and process it, in order to obtain useful and applicable knowledge for certain objectives or areas"; the same does not have an official website. However, there are several websites that provide a lot of useful information and OSINT tools. Which can be used both to investigate and attack a target subject, or for anyone to take the necessary measures to prevent such attacks.
It is important to clarify about OSINT following:
"The term "open source" within OSINT does not refer to the Open Source software movement, although many OSINT tools are Open Source; Rather, it describes the public nature of the data being analyzed."
What is OSINT Framework?
Among the websites related to OSINT we can mention OSINT Framework. It can be described as:
An online repository that includes a large number of tools (applications, web services) to carry out searches in open information sources. It works as a file that stores and classifies these tools to be used in OSINT investigations. These tools are also a set of GPLv3-type libraries (free and open source), which allows to collect all kinds of data (information) for the necessary investigations. Specifically, these tools can discover and collect data, such as, User names, E-mail addresses, IP addresses, Multimedia resources, Profiles in social networks, Geolocation, among many others.
For those, interested in wanting to know more about OSINT can visit your official website on GitHub or the next link.
We hope this "useful little post" about «OWASP y OSINT», 2 interesting topics covering organizations, projects, tools, and much more, in favor of a more robust and transparent Informatic security (Cybersecurity, Privacy and Anonymity); is of great interest and utility, for the entire «Comunidad de Software Libre y Código Abierto» and of great contribution to the diffusion of the wonderful, gigantic and growing ecosystem of applications of «GNU/Linux».
For now, if you liked this publicación, Do not stop share it with others, on your favorite websites, channels, groups or communities of social networks or messaging systems, preferably free, open and / or more secure as Telegram, Signal, Mastodon or another of Fediverse, preferably. And remember to visit our home page at «DesdeLinux» to explore more news, as well as join our official channel of Telegram from DesdeLinux. While, for more information, you can visit any Online library as OpenLibra y jedit, to access and read digital books (PDFs) on this topic or others.