OWASP

OWASP, or the Open Web Application Security Project, is a nonprofit global community that aims to improve the security of software. It provides freely available resources, tools, and guidance to help organizations build secure applications and perform safer security testing.

Founded in 2001 by software security professional Mark Curphey, OWASP operates as an international, volunteer-driven organization with local chapters and online projects. It is governed by a board and supported by volunteers, sponsors, and members who contribute to its open resources.

Key projects and resources include the OWASP Top Ten, a widely used list of the most critical web application security risks; the Web Security Testing Guide (WSTG); the Application Security Verification Standard (ASVS); the ZAP (Zed Attack Proxy) testing tool; the SAMM (Software Assurance Maturity Model); Cheat Sheets; Dependency-Check; and initiatives focused on mobile security. These projects are designed to be openly accessible and collaboratively developed.

OWASP runs global conferences called AppSec and supports a network of local chapters that organize meetups, training, and collaborations. All resources are openly licensed, reflecting the organization’s emphasis on community-driven, openly documented software security practice.

Impact and usage: OWASP materials are widely used by developers, security practitioners, auditors, and researchers to assess risk, guide secure development, and perform security testing. While not formal standards, OWASP resources are considered influential references in the software security field.