Welcome to OWASP
The Open Web Application Security Project
The Open Web Application Security Project (OWASP) is dedicated to finding and fighting the causes of insecure software. We are committed to practical, unbiased, comprehensive solutions to the challenges of developing software you can trust. Participation in OWASP is free and open to all, as are all the materials here.
We invite you to join us. If your organization is using OWASP materials, please support our efforts by becoming a member. There is no obligation to become a member to use our materials or participate in the application security community. Yet we rely on your organizations' memberships to make OWASP happen. Don't miss your chance to support what we're trying to accomplish. As a 501c3 not-for-profit, all membership dues go to supporting OWASP activities.
What You'll Find Here
Whether you're just Getting Started in application security or you're an expert, there's information here for you. Find out about Application Vulnerability Areas, Countermeasures, Threat Modeling, Secure Development Lifecycle, and how to build secure applications on platforms like J2EE, .NET,, and more.
There are also lots of materials available for download. There are Tools, Technical Papers, Presentations, Videos, Templates, Checklists, and more. All OWASP materials are free and licensed under an approved open source license. Some of our most popular downloads include:
- The Guide to Building Secure Web Applications and Web Services book
- The WebScarab web application and web service penetration testing tool
- The WebGoat web application security training environment
- The Top Ten Most Critical Web Application Security Vulnerabilities awareness paper
- OWASP Ireland - March 21
- OWASP Atlanta - March 29
- OWASP NYC - April 20
- AppSec Europe 2006 Conference - May 30-31
- NY PHP Conference - June 14-16
OWASP has a variety of Projects underway to advance the state of the art in different areas of application security. Anyone can join our projects and help out. All you have to do is choose a project and request a task. A few of the projects that need help right now:
- The AJAX Security Project is looking for writers and developers
- The WebGoat Project needs a lesson on AJAX security
- The Guide Project needs reviewers for version 2.2