Who is the OWASP® Foundation?

The Open Web Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.

  • Tools and Resources
  • Community and Networking
  • Education & Training

For nearly two decades corporations, foundations, developers, and volunteers have supported the OWASP Foundation and its work. Donate, Join, or become a Corporate Member today.

Project Spotlight: OWASP Top 10

Top 10 Logo

We are back again with yet another OWASP Spotlight series and this time we have a project which needs no introduction and I got the chance to interact with Andrew van der Stock, OWASP Foundation Executive Director and the project leader for OWASP Top 10.

The OWASP Top 10 is a book/referential document outlining the 10 most critical security concerns for web application security. The report is put together by a team of security experts from all over the world and the data comes from a number of organisations and is then analysed.

Read more..

OWASP 2022 Global AppSec APAC Virtual Event

OWASP 2022 Global AppSec APAC Virtual Event

Registration Open!

Join us virtually August 29 - September 1, for leading application security technologies, speakers, prospects, and community, in a unique event that will build on everything you already know to expect from an OWASP Global Conference.

Exhibit and Sponsorship Opportunities

Read more..

Raising the bar for application security assessments with the ASVS and MASVS


Josh Grossman, September 20, 2022

Over the years, Google has continually leveraged OWASP internally as well as externally as part of their developer education around Android and Google Cloud security best practices. This includes presentations at various conferences such as Droidcon and online guidance for Google Cloud. Earlier this year, Google started going a little further by analyzing OWASP MASVS and ASVS to see if these two standards can be used more prescriptively within their developer community.

...read more

Recent OWASP News & Opinions

Upcoming Conferences