Who is the OWASP® Foundation?
The Open Web Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.
- Tools and Resources
- Community and Networking
- Education & Training
For nearly two decades corporations, foundations, developers, and volunteers have supported the OWASP Foundation and its work. Donate, Join, or become a Corporate Member today.
Project Spotlight: OWASP Top 10
We are back again with yet another OWASP Spotlight series and this time we have a project which needs no introduction and I got the chance to interact with Andrew van der Stock, OWASP Foundation Executive Director and the project leader for OWASP Top 10.
The OWASP Top 10 is a book/referential document outlining the 10 most critical security concerns for web application security. The report is put together by a team of security experts from all over the world and the data comes from a number of organisations and is then analysed.
OWASP 2022 Global AppSec APAC Virtual Event
Registration Open!
Join us virtually August 29 - September 1, for leading application security technologies, speakers, prospects, and community, in a unique event that will build on everything you already know to expect from an OWASP Global Conference.
New Recommendations to Improve The NVD
New recommendations drafted by members of OWASP, The Linux Foundation, Oracle, and others, aim to improve the accuracy of the NVD with a focus on modern, automated use cases. The group, informally named the “SBOM Forum”, is led by supply chain consultant and blogger, Tom Alrich. Their first paper titled A Proposal to Operationalize Component Identification for Vulnerability Management. recommends that MITRE and the NVD adopt Package URL for the identification of open source and commercial software along with multiple GS1 standards for hardware. In doing so, the accuracy of vulnerability management can be dramatically improved while increasing the efficiency and effectiveness of the teams doing it.
...read moreRecent OWASP News & Opinions
- Update on the bylaws, August 25, 2022
- Update on COVID Restrictions, July 28, 2022
- Update on the bylaw survey and sneak peek at the AMS, June 7, 2022
- Roadmap to version 5.0 of the OWASP ASVS project, May 15, 2022
Upcoming Conferences
- OWASP End of Summer Training, September 13-14, 2022 (BST)
- OWASP October Webinar, October 11-12, 2022 Australian Western Standard Time (AWST)
- OWASP 2022 Global AppSec San Francisco, November 14-18, 2022 Pacific Standard Time (PST)
- OWASP December Webinar, December 5-6, 2022 Eastern Standard Time (EST)