The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. There are over 70 OWASP Local Chapters world-wide that are free and open to anyone to attend. OWASP tools and documents can be used to detect and to guard against security-related design and implementation flaws, as well as to add security-related activities into your Software Development Life Cycle (SDLC).
For additional detail about OWASP, leadership, and corporate details, please refer to the About OWASP page.
Featured projects include:
- OWASP Top 10 (The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are) http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
- OWASP WebGoat (WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
- OWASP Live CD! Collection of OWASP tools on a CD that you can boot from any computer! http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
- OWASP Application Security Verification Standard http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
- OWASP Code Review Guide http://www.owasp.org/index.php/Category:OWASP_Code_Review_Project
- OWASP Developers Guide http://www.owasp.org/index.php/Category:OWASP_Guide_Project
- OWASP SAMM (Software Assurance Maturity Model)http://www.owasp.org/index.php/Category:OWASP_Software_Assurance_Maturity_Model_Project
- OWASP Testing Guide ("best practice" penetration testing framework) http://www.owasp.org/index.php/Category:OWASP_Testing_Project
For any inquiries about OWASP, OWASP Projects, or for interviews and/or backgrounds, please utilize our CONTACT FORM so we can track and route your request.
- March 12, 2012: AppSec DC Press Release: [http://owasp.blogspot.com/2012/03/appsecdc-2012.html]
- March 9, 2012: OWASP Mission and Principles: [http://owasp.blogspot.com/2012/03/owasp-mission-and-principles.html]
For more information on OWASP events, please see The OWASP Conference page