The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. There are over 130 OWASP Local Chapters world-wide that are free and open to anyone to attend.
OWASP tools and documents can be used to detect and to guard against security-related design and implementation flaws, as well as to add security-related activities into YOUR Software Development Life Cycle (SDLC). For more information please visit http://www.owasp.org or view a powerpoint overview of OWASP - Click Here
Featured projects include:
- OWASP Top 10 (The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are)
- OWASP WebGoat (WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application
- OWASP ESAPI (FOSS Security Library for Java, PHP, .NET, ASP and Haskell) http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
- OWASP Live CD! FREE APPSEC TOOLS! http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
- OWASP Application Security Verification Standard http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
- OWASP Code Review Guide http://www.owasp.org/index.php/Category:OWASP_Code_Review_Project
- OWASP Developers Guide http://www.owasp.org/index.php/Category:OWASP_Guide_Project
- OWASP.NET Project http://www.owasp.org/index.php/Category:OWASP_.NET_Project
- OWASP Legal Project (Secure Software Contracts for Developers/Clients) http://www.owasp.org/index.php/Category:OWASP_Legal_Project
- OWASP SAMM (Software Assurance Maturity Model)http://www.owasp.org/index.php/Category:OWASP_Software_Assurance_Maturity_Model_Project
- OWASP Testing Guide ("best practice" penetration testing framework) http://www.owasp.org/index.php/Category:OWASP_Testing_Project
More About OWASP Projects
- Application Security Verification Standard (ASVS) - The First Internationally-Recognized Standard for Performing Application Security Assessments.
- Enterprise Security API (ESAPI) - Do Not Build Your Own Security Controls!
- Legal Contract Annex - Build Security In, Before the Building Begins...
Upcoming OWASP Events
- July 2009 - OWASP New Zealand Day 2009 - New Zealand
- July 13th - 2 track conference, University of Auckland, Auckland, New Zealand (Registrations are Open)
- August 2009 - AppSec Academia Symposium
- September 2009 - OWASP AppSec Ireland 2009
- September 10th - 1-Day Conference at Trinity College in Dublin
- October 2009 - OWASP AppSec Brazil 2009
- October 7- 27th-30th Conference and tutorials at Câmara dos Deputados, Anexo II, Praça dos Três Poderes
- November 2009 - OWASP AppSec US 2009 - Washington, D.C.