About The Open Web Application Security Project

Guide Table of Contents

The Open Web Application Security Project (OWASP) is an open community dedicated to finding and fighting the causes of insecure software. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We can be found at http://www.owasp.org/

OWASP is a new type of entity in the security market. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology.

We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security includes improvements in all of these areas.

Structure and Licensing
The OWASP Foundation is the not for profit (501c3) entity that provides the infrastructure for the OWASP community. The Foundation provides our servers and bandwidth, facilitates projects and chapters, and manages the worldwide OWASP Application Security Conferences.

All OWASP materials are available under an approved open source license. If you opt to become an OWASP member organization, you can also use the commercial license that allows you to use, modify, and distribute all OWASP materials within your organization under a single license.

Participation and Membership
Everyone is welcome to participate in our forums, projects, chapters, and conferences. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert.

If you find the OWASP materials valuable, please consider supporting our cause by becoming an OWASP member. All monies received by the OWASP Foundation go directly into supporting OWASP projects.

Projects
OWASP projects are broadly divided into two main categories: development projects, and documentation projects. Our documentation projects currently consist of: Development projects include:
 * The Guide This document that provides detailed guidance on web application security
 * Top Ten Most Critical Web Application Vulnerabilities A high-level document to help focus on the most critical issues
 * Metrics A project to define workable web application security metrics
 * Legal A project to help software buyers and sellers negotiate appropriate security in their contracts
 * Testing Guide A guide focused on effective web application security testing
 * ISO17799 Supporting documents for organizations performing ISO17799 reviews
 * AppSec FAQ Frequently asked questions and answers about application security
 * WebScarab A web application vulnerability assessment suite including proxy tools
 * Validation Filters (Stinger for J2EE, filters for PHP) Generic security boundary filters that developers can use in their own applications
 * WebGoat An interactive training and benchmarking tool that users can learn about web application security in a safe and legal environment
 * DotNet A variety of tools for securing .NET environments.

Guide Table of Contents