The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

A. An extensible security framework named COBIT

B. A list of flaws and how to fix them

C. Web application patches

D. A security certification for hardened web applications