The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work from Individuals, Organization Supporters & Accredited University Supporters.
You'll find everything about OWASP here on our wiki and current information on our OWASP Blog. Please feel free to make changes and improve our site. There are hundreds of people around the globe who review the changes to the site to help ensure quality. If you're new, you may want to check out our getting started page. Questions or comments should be sent to one of our many mailing lists. Or you can contact us directly at owasp@owasp.org. If you like what you see here and want to support our efforts, please consider becoming a member.
OWASP Foundation has over 130 Local Chapters. All meetings are FREE; simply sign up on the appropriate mailing list and introduce yourself. All chapters and mailing lists can be found here.
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.
Mon, 23 Nov 2009 @ethicalhack3r OWASP would love another vulnerable web app. We'll help *any* free and open appsec project!
Mon, 16 Nov 2009 RT @jahboite: ESAPI for PHP early alpha (and not yet complete) is available at
Mon, 16 Nov 2009 RT @stevewerby: Sweet ESAPI WAF demo. Showed discovery of vulnerabilities in free JForum SW & virtual patching w/ the WAF
Sun, 15 Nov 2009 RT @curphey: Computer programmers accused of aiding Madoff scam
Sun, 15 Nov 2009 RT @brennantom: #AppSecDC OWASP Top 10 RC1
Sun, 15 Nov 2009 RT if #appsecdc isn't on your list every year, it should be. Think Blackhat/Defcon entirely focused on web apps and then some @devin_cassidy
Sun, 15 Nov 2009 RT @brennantom: First Prize - #appsecdc CTF was won by Dr. Yiannis Pavlosoglou CEO and founder of
Thu, 12 Nov 2009 RT @miscsecurity: "There are people who I wouldn't let in the building, but I run the code they write." - Joe Jarzombek #AppSecDC
OWASP funds promising application security researchers with project grants for tools, guides, surveys, and much more. Over $100,000.00 USD has been granted. Please check the OWASP Grants page to learn how to submit a grant proposal.
Don't need a grant and just want to start a NEW OWASP Project? Click here to get started.
The OWASP Job Board is a place to list application security employment opportunities as well as requests for proposals for application security work to be performed.
Drawn from over 130 blogs and news sources, this feed features only high-quality application security posts that are educational, innovative, and useful.
OWASP's custom search engine allows you to search all of OWASP and dozens of other application security websites. You can filter your results to see only non-commercial sites, products, services, and more... Try it!
If you use OWASP materials, please consider becoming a member to help us continue our work.