Main Page

About OWASP
Our mission is to enable organizations to develop, purchase, and maintain applications that can be trusted. Everything here is free and open, and anyone can participate. Please consider supporting our efforts by becoming a member or joining a project.

What You'll Find Here
Whether you're just Getting Started in application security or you're an expert, there's information here for you. Find out about Application Vulnerability Areas, Countermeasures, Threat Modeling, Secure Development Lifecycle, and how to build secure applications on platforms like J2EE, .NET, PHP, and more.

There are also lots of materials available for download. There are Tools, Technical Papers, Presentations, Videos, Templates, Checklists, and more. All OWASP materials are free and licensed under an approved open source license. Some of our most popular downloads include:


 * The Guide to Building Secure Web Applications and Web Services book
 * The WebScarab web application and web service penetration testing tool
 * The WebGoat web application security training environment
 * The Top Ten Most Critical Web Application Security Vulnerabilities awareness paper
 * more...

OWASP Projects
OWASP has a variety of Projects underway to advance the state of the art in different areas of application security. Anyone can join our projects and help out. All you have to do is choose a project and request a task. Or you can propose a project. A few of the projects that need help right now:


 * The AJAX Security Project is looking for writers and developers
 * The WebGoat Project needs a lesson on AJAX security
 * The Guide Project needs reviewers for version 2.2

OWASP Community

 * Mailing Lists
 * Local Chapters
 * OWASP AppSec Conferences