CISO AppSec Guide: About OWASP
OWASP is a global open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. OWASP builds documents, tools, teaching environments, guidelines, checklists, and other materials to help organizations improve their capability to produce secure code. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.
OWASP was formed in 2001, in an entirely organic fashion, when a group of security professionals came to realize how terribly insecure the way we develop our web applications was. The initial goal was deemed to be modest: write a guide for developers, which would document secure software development practices. While the initial effort was meant to last a few weeks, it came out to several hundred pages. When released, the OWASP Guide to Building Secure Web Applications was an instant success. The OWASP Guide Series now encompasses six documents.
OWASP is a place where good people gather to help increase the awareness of the security problems in applications. It is a grass-roots effort, with the driving force being the people who are dealing with these problems every day, and wanting to lend a hand to change the situation for the better. The OWASP Foundation is a not-for-profit entity that ensures the project's long-term success.
The OWASP Foundation is a US 501(c)(3) not-for-profit organization. OWASP Europe VZW is a non-profit organization registered in Belgium.
Everyone is welcome to participate in our forums, projects, chapters, and conferences. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. All OWASP's documents, tools and other resources are published using open source licenses, and are available free of charge.
OWASP has almost 200 local chapters around the world. Chapter meetings are always free to attend, are vendor neutral and the presentations are made available free-of-charge on each chapter's web page. The meetings help foster local discussion of application security around the world.
To find your nearest local chapter, information on how to start a new one, and how to run a chapter see https://www.owasp.org/index.php/OWASP_Chapter and https://www.owasp.org/index.php/Chapter_Leader_Handbook
For the last ten years, OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific. Additionally, regional events are held in locations such as Brazil, China, India, Ireland, Israel, and Washington D.C. Presentation slides and video recordings are available free of charge on the OWASP website after each conference.
For upcoming global and regional events see https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference
To find almost 80 national and international Legislation, standards, guidelines, committees and industry codes of practice that refer to OWASP see https://www.owasp.org/index.php/Industry:Citations
Helping to Support OWASP's Mission
Many organizations have been corporate or education supporters. many more have encourage their employees to contribute time and resources to OWASP Projects.
OWASP has also produced six guidance documents for other groups, suggesting how they could best support OWASP's mission. These are known as the OWASP Application Security Codes of Conduct, for government bodies, educational institutions, standards groups, trade organizations, certifying bodies, and development organizations. The Codes of Conduct can be downloaded from the project page https://www.owasp.org/index.php/OWASP_Codes_of_Conduct
Our global address for general correspondence is:
FAO Kate Hartmann OWASP Foundation 1200-C Agora Drive, #232 Bel Air, MD 21014 United States
The European correspondence address is below:
OWASP Europe VZW Leinstraat 104A B-9660 Opbrakel Belgium
Or phone Kate Hartmann at +1 301-275-9403 or use the contact form at http://sl.owasp.org/contactus