History of OWASP


Happy 11th Birthday OWASP - Sept 24, 2001

Goal of this page

We just recently created this page and sent out a request for contributors to collectively record the OWASP history. It would be great to capture items such as the growth of the organization, screenshots of the various owasp.org pages over the years (nod to waybackmachine), individuals involved at various points, etc.

Please help contribute your knowledge - this is a wiki after all.

The eMail that Started OWASP

Even before the web site - here is the archive of what seems to be the original OWASP announcement:




From: Mark Curphey (markcurphey.com)

Date: Mon Sep 24 2001 - 01:52:35 CDT


As some of you may know, someone on the www-mobile-codesecurityfocus.com (to be renamed webappsecsecurityfocus.com real soon) list suggested setting up a project to define an industry standard testing methodology for the security of web applications. I was asked to help set it up and co-ordinate and am pleased to be involved. Several people have already volunteered with various degrees of commitment. As I discussed ideas with various people, it became clear there was a need for a much wider project to include the design, development, deployment and testing of web application security as well as the standard categorization of attacks.

So we are pleased to announce the creation of the "Open Web Application Security Project" known as OWASP. This is a community effort that will be open source and available to all. I have created a quick and dirty web site at http://www.owasp.org until we can get a real webmaster to volunteer. As this was created on the mailing list, most of the work is expected to be driven on mailing list traffic.

How will the project work? Over the coming months the project will seek to define security recommendations, specifications and explanations in key areas. Security professionals will be able to use the output to incorporate in their work. Security vendors will be able to base services and products on these standards and consumers will be able to baseline and test applications or services they consume.

It seems to make sense to initially start by defining standard web application Attack Categories and develop the testing methodology. The methodology will probably include "white box" testing (where the tester has full access to source code), "black box" testing where the tester has access to the application as a user and "glass box" testing where the tester has both.

A broad based schedule will be set over the next few weeks after initial administrivia has been worked out. That includes a licensing model such as GPL to prevent commercial companies taking the output and using it as their own, whilst still promoting its widespread adoption. Each part of the project will need to be led by individual volunteers, initial ones will hopefully be determined this week.

We are currently looking for:

Technical - We are looking for additional people with technical security skills in various web technologies including HTTP, XML, HTML, ASP, Java, C, C#, PHP, CGI's, Perl, JavaScript, .NET, J2EE and others.

Translators - We have two translators ready to port documentation to French and Portuguese. However we will be looking for other volunteers in particular German.

Graphic Designer - We need some simple graphics for the web-site and may need illustrations etc.

Webmaster - We need someone to design and maintain this web site.

Much of the success of open source projects comes from individuals adding value within his or her individual area of expertise. This community welcomes your contribution.


Kind Regards,

Mark Curphey

The OWASP Website Snap Shots in Time



OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way. The OWASP Foundation is a not-for-profit entity that ensures the project's long-term success.
