Press

About OWASP
The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. There are over 130 OWASP Local Chapters world-wide that are free and open to anyone to attend. OWASP tools and documents can be used to detect and to guard against security-related design and implementation flaws, as well as to add security-related activities into YOUR Software Development Life Cycle (SDLC). For more information please visit http://www.owasp.org or view a powerpoint overview of OWASP - Click Here

Featured projects include:


 * OWASP Top 10 (The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are) http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project


 * OWASP WebGoat (WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project


 * OWASP ESAPI (FOSS (Free and open source software) Security Library for Java, PHP, .NET, ASP and Haskell) http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API


 * OWASP Live CD! Collection of OWASP tools on a CD that you can boot from any computer! http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project


 * OWASP Application Security Verification Standard http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project


 * OWASP Code Review Guide http://www.owasp.org/index.php/Category:OWASP_Code_Review_Project


 * OWASP Developers Guide http://www.owasp.org/index.php/Category:OWASP_Guide_Project


 * OWASP.NET Project http://www.owasp.org/index.php/Category:OWASP_.NET_Project


 * OWASP Legal Project (Secure Software Contracts for Developers/Clients) http://www.owasp.org/index.php/Category:OWASP_Legal_Project


 * OWASP SAMM (Software Assurance Maturity Model)http://www.owasp.org/index.php/Category:OWASP_Software_Assurance_Maturity_Model_Project


 * OWASP Testing Guide ("best practice" penetration testing framework) http://www.owasp.org/index.php/Category:OWASP_Testing_Project

More About OWASP Projects

 * Application Security Verification Standard (ASVS) - The First Internationally-Recognized Standard for Performing Application Security Assessments.
 * Enterprise Security API (ESAPI) - Do Not Build Your Own Security Controls!
 * Legal Contract Annex - Build Security In, Before the Building Begins...

Upcoming OWASP Events
For more information on OWASP events, please see [The OWASP Conference page http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference]

Links to OWASP Articles
OWASP in the news - Click Here