The OWASP website is a great way to start or increase your knowledge on software security. Recently I mentioned OWASP to a couple of testing friends and was surprised they hadn’t heard of the organization so I thought I would mention it here. I got started with OWASP when I heard about the Top Ten project about two years ago and I’ve been hooked since. The Top Ten is a list of the top software security threats; the list is a good read. I’m also fortunate to live close to a large city that offers a local chapter and so I check out chapter meetings and talk with security experts I’ve met in the community. The OWASP website has references for testers and a testers project too – see the OWASP Testing Guide.