Category:OWASP Project

An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team.

Active OWASP Projects

 * Release Quality Projects
 * OWASP Top Ten Project - an awareness document that describes the top ten web application security vulnerabilities
 * OWASP WebGoat Project - an online training environment for hands-on learning about application security
 * OWASP WebScarab Project - a tool for performing all types of security testing on web applications and web services


 * Beta Status Projects
 * OWASP CAL9000 Project - a JavaScript based web application security testing suite
 * OWASP CLASP Project - a project focused on defining process elements that reinforce application security
 * OWASP LAPSE Project - an Eclipse-based source static analysis tool for Java
 * OWASP Sprajax Project - an open source black box security scanner used to assess the security of AJAX-enabled applications
 * OWASP SQLiX Project - a project focused on the development of SQLiX, a full perl-based SQL scanner
 * OWASP Pantera Web Assessment Studio Project - a project focused on combining automated capabilities with complete manual testing to get the best results
 * OWASP WSFuzzer Project - a project focused on the development of WSFuzzer, a full python-based Web Services SOAP fuzzer


 * Alpha Status Projects
 * OWASP Live CD Project - a CD containing ready to use versions of application security analysis and testing tools
 * OWASP Orizon Project - a project focused on the development of a flexible code review engine
 * OWASP Risk Management Project - a new project focused on processes for managing application security risk


 * Technology, Research and Guides
 * OWASP AJAX Security Guide - investigating the security of AJAX enabled applications
 * OWASP Application Security Assessment Standards Project - establish a set of standards defining baseline approaches to conducting differing types/levels of application security assessment
 * OWASP Application Security Metrics Project - identify and provide a set of application security metrics that have been found by contributors to be effective in measuring application security
 * OWASP AppSec FAQ Project - an FAQ covering many application security topics
 * OWASP Code Review Project - a new project to capture best practices for reviewing code
 * OWASP Encoding Project - a new project focused on the development of encoding best practices for web applications.
 * OWASP Guide Project - a massive document covering all aspects of web application and web service security
 * OWASP Honeycomb Guide - a comprehensive and integrated guide to the fundamental building blocks of application security
 * OWASP Java Research - a project focused on helping Java and J2EE developers build secure applications
 * OWASP PHP Research - a project focused on helping PHP developers build secure applications
 * OWASP Legal Research - a project focused on contracting for secure software
 * OWASP Logging Guide - a project to define best practices for logging and log management
 * OWASP .NET Research - a project focused on helping .NET developers build secure applications
 * OWASP Testing Guide - a project focused on application security testing procedures and checklists
 * OWASP Validation Research - a project that provides guidance and tools related to validation
 * OWASP WASS Guide - a standards project to develop more concrete criteria for secure applications

OWASP Project Mailing Lists

Proposing a new project
To propose a new project, please send an email to owasp@owasp.org. Each project should have a roadmap page that details the current set of tasks and rough schedule. The page should be named "OWASP XXX Project Roadmap"