The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
You'll find everything about OWASP here on our wiki and current information on our OWASP Blog. Please feel free to make changes and improve our site. There are hundreds of people around the globe who review the changes to the site to help ensure quality. If you're new, you may want to check out our getting started page. Questions or comments should be sent to one of our many mailing lists. If you like what you see here and want to support our efforts, please consider becoming a member.
We ask that the community look out for inappropriate uses of the OWASP brand including our name, domain, logos, project names, and other trademarks and report issues to kate.hartmann(at)owasp.org. OWASP Foundation does not endorse or recommend commercial products or services allowing our community to remain vendor agnostic with the collective wisdom of the best minds in application security worldwide.
OWASP Foundation has over 150Local Chaptersall meetings are FREE simply sign up on the appropriate mailing list and introduce yourself. All chapter and mailing lists can be found here.
Click the map to find and join your local chapter.
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources.
The OWASP Job Board is a place to list application security employment opportunities as well as requests for proposals for application security work to be performed.
Drawn from over 130 blogs and news sources, this feed features only high-quality application security posts that are educational, innovative, and useful. Subscribe to the OWASP Feed
OWASP's custom search engine allows you to search all of OWASP and dozens of other application security websites. You can filter your results to see only non-commercial sites, products, services, and more... Try it!
Twitter Updates
Mon, 30 Aug 2010 OWASP ESAPI 2.0 rc7 (for Java 1.5+) is now live
Fri, 27 Aug 2010 RT @modsecurity: Announcing the OWASP ModSecurity Core Rule Set (CRS) v2.0.8 -
Fri, 27 Aug 2010 @DisK0nn3cT Looks okay from our end -
Thu, 26 Aug 2010 RT @AppSecDC: AppSecDC CFP closes in a week! Get your submissions in now it's shaping up to be a GREAT Con!
Tue, 24 Aug 2010 RT @SANSInstitute: Learn how to avoid the OWASP Top Ten in DEV522 -- OR go direct! learn more and pay less!
Fri, 13 Aug 2010 Join the Stack Exchange based "Application Security" forum at Area 51 now! Please RT.
Fri, 13 Aug 2010 RT @korbik: Parce que le monde est cruel
Thu, 05 Aug 2010 RT @AppSecDC: Just a reminder, we've extended our CFP to 15-August.
If you use OWASP materials, please consider becoming a member helping us continue our work -More Info