Corporate Supporters

Attendees at a Global AppSec Conference

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. Our programming includes:

  • Community-led open source software projects
  • Over 200+ local chapters worldwide
  • Tens of thousands of members
  • Industry-leading educational and training conferences

Corporate support accelerates our impact. Become a member or sponsor today.

We are an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security. For nearly two decades corporations, foundations, developers, and volunteers have supported the OWASP Foundation and its work.

Supporting the Foundation

There are many ways to participate and support the mission of OWASP.

  • Employees can participate in our Projects and Local Chapters
  • Become a Corporate Member
  • Sponsor the Foundation and our Events
  • Make a charitable gift to the Foundation to support our ongoing work.

Corporate Membership

Choosing to be a Corporate Member of the OWASP Foundation demonstrates your organization’s commitment to information security. Annual Corporate Membership pricing begins at $5,000 and is dependent on yearly revenue. Organizations up to $50 million the fee is $5,000. For those between $50 million and $100 million the annual fee is $15,000. And for companies with yearly revenue more than $100 million the Corporate Membership Fee is $25,000. All memberships include:

  • Listing in rotation as Corporate Supporter site-wide on
  • Up to $2,500 of your Fee can be applied towards a Global AppSec sponsorship
  • Public acknowledgment on various other channels
  • Vote in the Global Board of Directors election
  • Discounted sponsorship rates at participating events

To learn more please Contact Us today!

Corporate Membership for Start-Up’s

Annual discounted Corporate Membership rates are available for start-up companies in the first 12 months, max 24 months of Corporate Membership. $800 annually for developing regions $2,000 annually for all other countries  Benefits include:

  • Listing in rotation as Corporate Supporter site-wide on
  • Public acknowledgment on various other channels
  • Vote in the Global Board of Directors election
  • Discounted sponsorship rates at participating events

To learn more please Contact Us today!

Corporate Membership for Developing Regions

Annual Regional Corporate Membership pricing is available for companies in developing regions. Pricing begins at $2,000. It is dependent on the location of company headquarters, and their yearly revenue. Organizations up to $50 million the fee is $2,000. For those between $50 million and $100 million the annual fee is $6,000. And for companies with yearly revenue more than $100 million the Corporate Membership Fee is $10,000. Benefits include:

  • Listing in rotation as Corporate Supporter site-wide on
  • Public acknowledgment on various other channels
  • Vote in the Global Board of Directors election
  • Discounted sponsorship rates at participating events

To learn more please Contact Us today!


Organizations looking to support the mission of OWASP while also interested in exhibiting at conferences like our Global AppSec events, should consider Corporate Sponsorship. These packages offer the best value and include:

  • Event Exhibition space - up to five events per year
  • Discounted conference and training passes
  • Listing in rotation as Corporate Supporter site-wide on
  • Public acknowledgment on various other channels

Visit Corporate Sponsorship to learn more about these packages. And if you’re ready, please Contact Us today!

Corporate Members, Sponsors & Supporters

Disclaimer: The following information is not an endorsement for any particular entity and reflects the messaging of the supporter only.

  • 7ASecurity strives to provide the highest quality security consulting services within budget constraints. In a time when low quality, uncustomized and mostly automated 'audits' are commonplace, 7ASecurity prides itself on tailoring assessments to the threat models and needs of its customers. This puts 7ASecurity in a unique position within the information security industry, delivering maximum value for money, finding vulnerabilities where other companies come empty, and underlining our motto Quality Pentests & Code Audits. Following the same philosophy, 7ASecurity delivers top quality security training where students get lifetime updates at no extra charge.

  • Acunetix lets you manage security risks associated with your web presence. It detects an extensive range of web vulnerabilities and helps you eliminate them. Acunetix uses unique technologies to discover issues that evade other tools. It can be integrated within your SDLC to provide comprehensive protection at all stages. Acunetix is the most established product of its class on the market. It is the tool of choice of many industry leaders including Fortune 500 companies.

  • Adobe is changing the world through digital experiences. Great experiences have the power to inspire, transform, and move the world forward. And every great experience starts with creativity. Creativity is in our DNA. Our game-changing innovations are redefining the possibilities of digital experiences. We connect content and data and introduce new technologies that democratize creativity, shape the next generation of storytelling, and inspire entirely new categories of business.

  • Akeero is the ultimate automated security design platform for cloud-native environments. Built by experienced security architects, and integrated with existing Automation and DevOps toolsets, Akeero helps teams to collaboratively build secure apps and networks better, faster - all before a line of code is ever written by allowing teams to automatically embed security and compliance requirements into their Software Development Lifecycle. Whether you’re already in the cloud, or you’re planning on migrating there, Akeero will enable you to securely design your cloud-native infrastructure.

  • Altitude Networks tackles data security in the cloud to protect enterprises against unauthorized data access, accidental or malicious sharing to unintended individuals, and data theft.

  • AppSealing is a trusted player in the world of mobile application security. In today’s application-focused world, security can’t slow down your speed of development. We utilize runtime application self-protection features to build scalable security solutions for your mobile apps business in quick time without 'ANY CODING'. Our powerful security suite ensures real-time in-depth application security like source code protection, anti-reverse engineering, cheat tool & emulator detection/blocking, and enforces app integrity. It protects 800+ mobile apps and 800 million+ devices, successfully blocking 70 million+ threats across the globe. Our esteemed clientele spans across Gaming, Fintech, Movie apps, E-comm, Healthcare, and O2o.

  • Atlassian unleashes the potential in every team. Our products help teams organize, discuss and complete shared work. Today Atlassian is the leading provider of collaboration software for teams at more than 110,000 companies globally, including top brands like Citigroup, eBay, Coca-Cola, Visa, BMW and NASA. We help teams at organizations of all sizes, from start-ups to large companies, and more than 75 percent of Fortune 100 companies are Atlassian customers.

  • BSG is a privately-held consulting firm specializing in application security, penetration testing, and professional training. Since our founding in 2014, we have delivered hundreds of successful projects to more than 80 clients in all major verticals. We help our customers build a risk-aware mindset and integrate security principles into all aspects of their business.

  • Black Hat is the most technical and relevant information security event series in the world. For more than 20 years, Black Hat Briefings have provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment. These high-profile global events and Trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors.

  • Bugcrowd is the world’s number one crowdsourced security company. Our award-winning platform combines actionable, contextual intelligence with the skill and experience of the world’s most trusted, skilled hackers to help leading organizations solve security challenges, protect customers, and make the digitally-connected world a safer place.

  • CA Technologies helps customers succeed in a future where every business—from apparel to energy—is being rewritten by software. From planning to development to management to security, at CA we create software that fuels transformation for companies in the application economy.

  • Cequence Security is a venture-backed cybersecurity software company founded in 2015 and based in Sunnyvale, CA. Its mission is to transform application security by consolidating multiple innovative security functions within an open, AI-powered software platform that protects customers web, mobile, and API-based applications – and supports today’s cloud-native, container-based application architectures. The company is led by industry veterans that previously held leadership positions at Palo Alto Networks and Symantec. Customers include F500 organizations across multiple vertical markets, and the solution has earned multiple industry accolades.

  • Checkmarx is an Application Security software company, whose mission is to provide enterprise organizations with application security testing products and services that empower developers to deliver secure applications. Amongst the company's 1,000 customers are 5 of the world's top 10 software vendors and many Fortune 500 and government organizations. Checkmarx CxSAST is a highly accurate and flexible Source Code Analysis product that allows organizations to automatically scan a un-compiled/un-built code and identify hundreds of security vulnerabilities in the most prevalent coding languages.

  • Code Dx is committed to reducing barriers to effective application security. Our automated application vulnerability correlation and management tools help find and fix insecure code faster, with less effort and a smaller team. Focus your precious resources on developing valuable new features, and ship secure code faster and more often.

  • Contrast Security is the only company that enables applications to automatically detect and fix vulnerabilities, identify attacks, and defend themselves. Contrast employs security instrumentation to strengthen applications before they deploy, protect them in production and provide visibility throughout the application lifecycle.

  • DataDome is the #1 SaaS bot protection solution at the edge: strong performer in The Forrester New Wave™: Bot Management, and several times leader of the Bot Detection and Mitigation software section on G2.COM.DataDome offers real-time AI protection against all OWASP automated threats: credential stuffing, application DDoS, scalping, carding, vulnerability scanning, scraping... Deployed in minutes, on any infrastructure, it is compatible with multi-cloud and multi-CDN setups. DataDome runs on autopilot - its users remain in full control thanks to the industry’s most comprehensive dashboard. DataDome protects 10,000+ domains worldwide, including TripAdvisor, Rakuten, Kurt Geiger, FootLocker, Kogan, BlaBlaCar and Adevinta.

  • Denim Group is the leading independent application security firm, serving as a trusted advisor to customers on matters of application risk and security. The company helps organizations assess and mitigate application security risks.  Denim Group’s flagship ThreadFix platform accelerates the process of application vulnerability remediation, reflecting the company’s rich understanding of what it takes to fix application vulnerabilities faster.

  • Detectify is a domain monitoring and web application security startup. We automate hacker attacks to help businesses stay on top of emerging threats and secure applications. Today, we collaborate with over 150 handpicked white-hat hackers to continually improve our modern test bed of 1500+ security tests from the cutting edge of security. Go Hack Yourself!and enthusiasts around the globe. Topics that are taught at the Academy include; container security, secrets management, SAST, DAST, cloud security and much more!

  • dmarcian is a self-funded B-corp, dedicated to upgrading the entire world’s email by making DMARC accessible to all. Our platform facilitates users in deploying DMARC, visualizing email delivery data and managing domains in the long-term. We help domain owners large and small fight business email compromise, phishing and spoofing with superior tooling, educational resources, and knowledgeable support.

  • ES believes that organizations want to be more secure, resilient and productive. Organizations needs are not only technical but also strategical. With high quality consulting services and products, along with certified experts in international standards and best practices, allows organizations to increase maturity levels and understand how risks and threats should be faced and mitigated.

  • ExtraHop gives you the perspective you need to understand your hybrid attack surface from the inside out. Our industry-leading network detection and response platform is purpose-built to help you rise above the noise of alerts, silos, and runaway technology so you can secure your future in the cloud.

  • SECURE AND DELIVER EXTRAORDINARY DIGITAL EXPERIENCES F5’s portfolio of automation, security, performance, and insight capabilities empowers our customers to create, secure, and operate adaptive applications that reduce costs, improve operations, and better protect users.

  • The Faraday© platform lets you level up your Vulnerability Management program. Providing powerful Automation Technology, Agents with Process Scheduler, integrating more than 75 tools, vulnerability deduplication and custom reports, Faraday is helping cybersecurity engineers do meaningful work with all your risk sources in one place. Your time is limited and valuable, don't waste it doing boring and repetitive tasks.

  • Since 2001, Fluid Attacks has been developing cybersecurity products and providing solutions for clients from different industries. Our comprehensive continuous hacking solution offers the perfect combination of effective automation and human intelligence to find and close all vulnerabilities in our clients' systems. Find more information at

  • GitLab is a complete open-source DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate and build software. From idea to production, GitLab helps teams improve cycle time from weeks to minutes, reduce development process costs and decrease time to market while increasing developer productivity.

  • HackerOne empowers the world to build a safer internet. As the world’s most trusted hacker-powered security platform, HackerOne gives organizations access to the largest community of hackers on the planet. Armed with the most robust database of vulnerability trends and industry benchmarks, the hacker community mitigates cyber risk by searching, finding, and safely reporting real-world security weaknesses for organizations across all industries and attack surfaces. HackerOne was ranked fifth on the Fast Company World’s Most Innovative Companies list for 2020. Headquartered in San Francisco with a presence in London, New York, the Netherlands, France, Singapore, and 70+ other global locations.

  • Hdiv Security delivers continuous security that natively integrates into all stages of the software lifecycle (SDLC), automating application security. Hdiv’s Unified Application Security platform accurately finds security vulnerabilities and protects applications, microservices, and APIs from a broad range of attacks and exploits, including those that can be considered design flaws. Leveraging IAST, SCA and RASP technologies, Hdiv Security enables DevSecOps by incorporating application security automatically into DevOps pipelines.

  • We combine know-how in the areas of security consulting, IT governance, risk & compliance with conceptual strength, innovation and implementation expertise. In addition to protecting applications and networks, our core competencies also include organizational tasks such as setting up security, risk, and service management system. HiSolutions AG is one of the leading consulting specialists for IT management and information security in Germany. More than 200 experts advise in the areas of security consulting, IT governance, business continuity management, and digitalization. We actively participate in the development of national and international standards and are involved in various research projects and university teachings.

  • Indusface is a SaaS company that secures critical Web applications of 2000+ global customers using its award-winning platform that integrates Web application scanner, Web application firewall, CDN, and threat information engine. The company has been mentioned in the Gartner Magic Quadrant and Forrester Tech Now reports, is CERT-In empanelled as a trusted scanning vendor, and has been the recipient of many awards such as the Economic Times Top 25, Nasscom DSCI Top Security Company of the Year Award and is funded by Tata Capital Growth Fund.

  • INFRA (Intelligence Framework) develops Artificial Intelligence driven hacking technologies for military/government entities and corporations with fuzzing and machine learning, finding more, verifying more and automating more to limit human errors and maximizing reliability in Vulnerability Assessments, Penetration Tests and Intelligence, INFRA reduces the time for the security analysis automating most parts of tests that are normally done manually by the analysts. Specialized in web applications, servers and IoT, the platform can conduct also phishing campaigns and automated exploiting.

  • Intertrust provides trusted computing products and services to leading global corporations. Products include the world’s leading digital rights management (DRM), software tamper resistance, and technologies to enable private data exchanges for energy, entertainment, retail/marketing, automotive, fintech, and IoT.  Founded in 1990, headquartered in Silicon Valley with offices globally. Intertrust has a legacy of invention, and its fundamental contributions in the areas of computer security and digital trust are globally recognized. Intertrust holds hundreds of patents underpinning Internet security, trust, and privacy management components of operating systems, trusted mobile code and networked operating environments, web services, and cloud computing.

  • IriusRisk is the industry's leading threat modeling solution in Application Security. With enterprise clients including Fortune 500 banks, payments, and technology providers, it empowers security and development teams to ensure applications have security built-in from the start - using its powerful threat modeling platform. Whether teams are implementing threat modeling from scratch, or scaling-up their existing operations, the IriusRisk approach results in improved speed-to-market, collaboration across security and development teams, and the avoidance of costly security flaws.

  • Kovert is a Norwegian Information Security consulting team specializing in offensive security testing. We aim to find the vulnerabilities before the bad guys do. We strongly believe in the value of openly sharing information and security knowledge. We have a dedicated focus on sharing research and getting involved with our local and worldwide information security community.

  • At Lyft, community is what we are and it’s what we do. It’s what makes us different. To create the best ride for all, we start in our own community by creating an open, inclusive, and diverse organization where all team members are recognized for what they bring.

  • Netsparker develops an industry leading automated web application security scanner. Available as Windows desktop software and as a Cloud service, the Netsparker scanner is very easy to use and its proof-based vulnerability scanning technology enables you to easily and automatically detect SQL Injection, Cross-site scripting and other vulnerabilities in your websites, web applications and web services. Netsparker’s unique scanning, detection and auto exploitation techniques allow it to be dead accurate. Therefore you do not have to waste time manually verifying the scanner’s findings and instead can focus on fixing the identified vulnerabilities. Netsparker is trusted and used by world renowned companies such as Samsung, Ernst & Young, Skype, NASA, ISACA and ING Bank.

  • NetSPI is a privately held information-security consulting company founded in 2001. By using its consulting team's deep security knowledge and its CorrelatedVM vulnerability management & reporting solution, the company is a trusted advisor to large enterprises. NetSPI provides a range of assessment and advisory services designed to analyze and mitigate risks and ensure compliance with relevant regulations and industry standards. Clients include large financial services firms, retailers, healthcare organizations and technology companies.

  • NeuraLegion helps significantly improve application security at a lower cost by providing a 0-false positive, AI powered DAST solution, purpose built for modern development environments. We integrate into DevOps environments and enable you to run DAST scans as part of your CI/CD flows to identify a broad set of known (7,000+ payloads) and unknown (0-day) security vulnerabilities. We enable you to scan multiple protocols across Web, mobile & API and are built for developers to provide compliance on every build by providing remediation guidelines for every vulnerability identified.

  • Noname Security is a holistic security platform that allows enterprises to see and secure managed and unmanaged APIs. Leveraging AI models specifically tailored for API security, Noname exposes rogue APIs with thorough discovery, brings cyberattack protection, and deep API traffic insights while being completely out of band, with no agents and no network modifications.

  • Only the NowSecure Platform delivers automated 360-degree coverage of mobile app security testing with the speed and depth modern enterprises require. The world’s most demanding organizations and advanced security teams trust NowSecure to identify the broadest array of security, privacy, and compliance gaps in custom, third-party, and business-critical mobile apps.

  • Our mission is to help people see data in new ways, discover insights, unlock endless possibilities.

  • OWA are your security conscious digital experts. We create and support secure web applications, mobile apps and websites – and we host and protect them too. As a trusted partner to businesses, charities and local government for over 25 years, we understand the importance of building good relationships. We focus on delivering outstanding results and competitive, end-to-end solutions in design, development, support and hosting on every project. Happily our customers think so too – we are pleased to say we have high levels of client satisfaction and retention. Why not get in touch to talk through your project or idea?

  • Packetlabs is a Toronto-based security consulting firm specialized in advanced penetration testing. We offer several services, including penetration testing, web & mobile application testing, objective-based penetration testing, threat modelling and breach response. Our unique approach to sourcing top talent enables us to discover hard-to-find vulnerabilities and ultimately avoid a costly data breach. We have helped clients across several industries, including SaaS, design agencies, retail, financial, government services and law enforcement. Our comprehensive approach to Application Security Testing leverages OWASP as a foundation for everything that we do. READY FOR MORE THAN A VA SCAN?®

  • is powered by a team united by its shared passion for cybersecurity and the hacker mindset it’s rooted in. Adrian Furtuna (CEO) founded it in 2013 as a solution to the need of a reliable online resource for security tests. Ever since, evolved into a pentesting and vulnerability assessment platform that millions rely on every year. It deeply integrates multiple security testing tools and automation features that eliminate 80% of manual work. Pentesters, consultants, MSPs, and IT professionals use it to get quality results and high-impact findings while gaining time to deal with complex issues at scale.

  • Perimeter 81 was launched in 2018 as the second company of cybersecurity experts Amit Bareket and Sagi Gidali, who met at Tel Aviv University in 2012 while studying computer science. Perimeter 81 provides secure access to local networks, applications and cloud infrastructures with one unified platform. By transforming the outdated, hardware-based security appliances into a cloud-based SaaS solution, we are simplifying network security for the modern and distributed workforce and helping organizations of all sizes and in many industries to secure their remote workers. Since its founding, Perimeter 81 has quickly gained traction in the Secure Access Service Edge (SASE) and Network as a Service market, and is transforming the way companies consume cyber and network security. Perimeter 81 has been named a Gartner Cool Vendor, holds a patent for Automatic Wi-Fi Security, and is considered by industry leaders to be winning the “SASE space race”.

  • Ping An Insurance known also as Ping An of China, full name Ping An Insurance Company of China, Ltd. is a Chinese holding conglomerate whose subsidiaries mainly deal with insurance, banking, and financial services. The company was founded in 1988 and has its headquarters in Shenzhen.

  • Praetorian is a cybersecurity solutions company whose mission is to make the digital world safer and more secure. Through expertise and engineering, Praetorian helps today’s leading organizations solve complex cybersecurity problems across critical enterprise assets and product portfolios. From the Cloud to IoT, we are bringing together the world’s security expertise to solve the cybersecurity problem and secure the next wave of innovation.

  • Proack is a Canadian consulting firm with a focus on offensive security, threat and vulnerability management, and cybersecurity program advisory. Our services include application, mobile, and infrastructure penetration testing; secure SDLC advisory and training; cloud security; security maturity assessments; and roadmap development. Proack consultants have a broad range of experience working with clients, from advising executive leadership on enterprise-wide security maturity assessments, to designing security program roadmaps for CISOs, as well as working with developers and security analysts to remediate specific application vulnerabilities.

  • Probely finds vulnerabilities or security issues in web applications and provides guidance on how to fix those issues. It can be integrated into development processes (SDLC) and continuous integration pipelines (CI/CD), in order to automate security testing. Probely helps you narrow the gap between development, security and operations, by making security an intrinsic characteristic of the web development life-cycle and achieve fast time-to-market.

  • Prophaze is a Native Cloud Security Platform used by organizations, businesses, and SaaS providers along with their DevOps and security teams to protect their web-facing assets from all types of cyber threats using its behavioral based threat detection algorithms. Prophaze having its WAF + RASP capabilities, along with fingerprinting-based bot detection is an economical substitute for traditional or legacy-based WAFs in which costs of ownership, deployment, maintenance, monitoring, and tuning are high. Supports public cloud, private cloud, on-premise deployment. It is also a native WAF for Kubernetes that secures microservices across Kubernetes clusters from malicious or illegitimate traffic and requests.

  • Qualys is a pioneer and leading provider of cloud-based security and compliance solutions. The Qualys Cloud Platform and its integrated apps - including Web Application Scanning (WAS) - help businesses simplify security operations and lower the cost of compliance by delivering critical security intelligence and automating the full spectrum of auditing, compliance, and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance.

  • Rakuten Security Team, aka the Cyber Security Department, is a team of multi-national professionals aim to protect Rakuten's users and maintain the peaceful order of the Internet society. With its cross continent branches, the Rakuten Security Team is not only responsible for the Cyber Security of Rakuten Inc, but also its group companies across Asia, Americas and Europe, which together serves 70+ services to almost 1.4 Billion users. Inside of the team includes Rakuten-CERT (, our emergency response team established from 2007, which has been a long time Cyber Security Guardian for Rakuten.

  • RankSense is a startup on a mission to shorten SEO results from 6 months down to 6 weeks using artificial intelligence and automation. Our software operates similar to a Web Application Firewall in the Cloudflare CDN, but instead of patching incoming HTTP traffic to avoid security exploits, we patch outgoing HTTP traffic to fix issues in the HTML that can prevent effective search engine indexing.

  • Realware is a digital transformation solution provider that offers complete e-business solutions. Realware starts with expert strategy, realizes it in impactful design and functional solutions, and sustains growth with ongoing support and development. Our Custom SaaS deployment model allows our clients to take advantage of our functional and non-functional (security, performance, compliance) expertise. Realware has helped global enterprises achieve their international business goals for over 20 years. Brands from industries as diverse as telecommunications, health care, consumer products and financial services come to us (and come back) because of the continued value we deliver.

  • Salesforce is the world’s (#)1 customer relationship management (CRM) platform. Our cloud-based applications for sales, service, marketing, and more don’t require IT experts to set up or manage — simply log in and start connecting to customers in a whole new way.

  • Salt Security makes it safe to innovate by protecting the APIs at the core of every SaaS, web, mobile, microservices and IoT application. Our API Protection Platform is deployed in minutes, and requires no configuration or customization. We use patented behavioral protection to automatically and continuously discover and learn the granular behavior of each unique API to ensure protection. The company was founded in 2016 by alumni of the Israeli Defense Forces (IDF) and serial cybersecurity executives. In 2019 Salt Security was selected as a finalist for the RSA Innovation Sandbox and as the winner of the OWASP Innovation Fair.

  • SCSK provides a full lineup of services to support any area of IT solution required for businesses from system integration to IT infrastructure implementation, IT management, BPO(business process outsourcing), and IT hardware and software sales.In addition, we take advantage of the capability to support a global IT system network for customers including Sumitomo Corporation, aiming for further leaps ahead as a global IT services company.

  • Secure Code Warrior makes software security intrinsic to developer workflows. Our vision is to inspire a global community of security conscious developers who ship quality code faster so they can focus on creating amazing, safe software for our world. Secure Code Warrior pioneered an innovative developer-centric approach to improving secure coding skills, and built an expanding suite of tools and flexible delivery methods that appeal to all development teams. The Secure Code Warrior Learning Platform offers content covering more than 50 language:framework-specific categories, and over 5,500 challenges covering nearly 150 different vulnerabilities.Learn more at

  • SecureBrain a Hitachi Group Company is a leader in providing software and services to help protect enterprises and their customers against cybercrime including online fraud and malware attacks. To ensure that our customers are always protected from the latest trend of cybercrime, SecureBrain has its own advanced security research center. Team of security researchers works closely with many Japanese government research agencies to research and develop solutions against the latest cyber threats.

  • At SecureFlag, we teach secure coding through hands-on exercises that run in real, fully configured development environments created on-demand and available via the web browser.Developers and DevOps engineers learn defensive programming via a gamified, adaptive training platform that includes learning paths, tournaments, assessments, and powerful metrics. Our platform is 100% hands-on, replaces ineffective secure coding quizzes, and uses an engine able to live-test code changes, instantly displaying whether the code has been fixed and awarding points upon exercise completion. SecureFlag is a proud OWASP Partner, providing training for all OWASP members alongside its Enterprise edition for corporate clients.

  • Using our own proven approach and platform, we train product owners, software development teams, operations, decision makers, in how to do deliver securely at scale and in controlled and regulated environments. With our background in data-driven, high-value service delivery we wrap our offering in product and process security assessments to enable our clients to see real improvements and demonstrate clear ROI. Our expertise is unmatched and our commitment to securing the delivery of the IT systems critical to our clients’ businesses, and to all the people involved in that delivery, makes us unique in the field of application security.

  • Secure Ideas has delivered penetration testing, training, and security consulting services to clients in every industry since 2010. We are known in the information security community for our expertise in testing applications, including web, mobile, and APIs. Secure Ideas operates on a foundation of ethics marked by our popular tagline "Professionally Evil". We also strongly believe in the value of openly sharing information and security knowledge, which is why we champion affordable training and offer many of our short-form classes for free.

  • SecurityFirst by SEFISA is a security consulting firm specialized in blue and red team services. With our talented and passionate team of experts we have been serving customers in all major verticals since 1996. We help our customers to develop the security in-depth approach and to focus on people rather than tools.

  • Security Innovation is a pioneer in software security and trusted advisor to its clients. Since 2002, organizations have relied on our assessment and training solutions to make the use of software systems safer in the most challenging environments – whether in Web applications, IoT devices, or the cloud. The company’s flagship product, CMD+CTRL Cyber Range, is the industry’s only simulated Web site environment designed to build the skills teams need to protect the enterprise where it is most vulnerable – at the application layer. Security Innovation is privately held and headquartered in Wilmington, MA USA.

  • Security Initiative is a security consulting firm specializing threat lead penetration testing, application vulnerability assessment for various enterprise environments, including financial sector based in Japan, delivers continuous security consulting individually tailored based on the penetration tests results conducted by highly qualified information security experts with the principle of "Genchi Genbutsu" (collecting facts and data at the actual site of the work or problem). The company also dedicates OWASP's local community and the company's CEO is a current OWASP Sendai local chapter leader, actively contributing to the local community.

  • Security Journey is the leader in application security education using security belt programs. We guide our clients many in tech, healthcare, and finance to building long-term, sustainable application security culture. We incorporate everything you need to deploy and manage an education program. Our cloud-based platform delivers application security lessons from an ever-growing library of content, provides hands-on, immersive experiments, measures student and organizational growth, rewards student achievements, and transforms an enterprise’s security culture. We promote security awareness organization-wide with learning that is engaging, motivating, and fun. In short, we provide security education developers, testers, and managers love.

  • ShiftLeft is a continuous application security platform, purpose built for the modern software development life cycle. It combines next-generation static code analysis to quickly and accurately identify vulnerabilities with application instrumentation to protect the application in an automated workflow. This combination of runtime-informed code analysis and code- informed runtime protection delivers the most accurate, automated, and comprehensive application security solution.

  • Signal Sciences secures the most important web applications, APIs, and microservices of the world's leading companies. Our next-gen WAF and RASP help you increase security and maintain site reliability without sacrificing velocity, all at the lowest total cost of ownership. Learn how our patented approach can help you.

  • SIG gives technology leaders the visibility they need to address current software problems and prevent future ones from ever happening. Drawing on proprietary methods and decades of expertise, SIG helps organizations fundamentally improve the security and performance of the enterprise applications that support every aspect of their businesses.

  • SonarSource builds world-class products for Code Quality and Security. Our open-source and commercial code analyzers - SonarLint, SonarCloud, SonarQube - support 27 programming languages, empowering dev teams of all sizes to solve coding issues within their existing workflows. With over 6,000 customers, and a Community Edition trusted by more than 200,000 organizations globally, SonarSource products are a de-facto standard for teams and organizations to deliver better, safer software.

  • Sqreen is the application security platform for the modern enterprise. More than 800 organizations trust Sqreen to protect, observe and test their applications, APIs and microservices. As opposed to static pattern-based approaches, Sqreen analyses application execution logic in real time to deliver more robust security without compromising performance. This empowers security owners to easily extend protection and visibility across their entire application portfolio without requiring on-going maintenance and tuning.

  • StackHawk is dynamic application vulnerability scanning built for modern development teams. With simple configuration, easy invocation via docker command, and interpretable results, StackHawk is built for developers to take control of their AppSec.

  • Symantec Corporation (NASDAQ: SYMC), the world’s leading cybersecurity company, helps organizations, governments, and people secure their most important data wherever it lives. Organizations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud, and infrastructure. Likewise, a global community of more than 50 million people and families rely on Symantec’s Norton and LifeLock product suites to protect their digital lives at home and across their devices. Symantec operates one of the world’s largest civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats.

  • Synopsys technology is at the heart of innovations that are changing the way we live and work. The Internet of Things. Autonomous cars. Wearables. Smart medical devices. Secure financial services. Machine learning and computer vision. These breakthroughs are ushering in the era of Smart, Secure Everything―where devices are getting smarter, everything’s connected, and everything must be secure. Powering this new era of technology are advanced silicon chips, which are made even smarter by the remarkable software that drives them. Synopsys is at the forefront of Smart, Secure Everything with the world’s most advanced tools for silicon chip design, verification, IP integration, and application security testing. Our technology helps customers innovate from Silicon to Software, so they can deliver Smart, Secure Everything.

  • Tala protects modern websites and web applications across the full spectrum of client-side vulnerability. No other solution offers similar breadth of security coverage. Tala’s analysis engine evaluates over 50 unique indicators of a web page’s behavior to continuously monitor and detect anomalous activity within the server, the website supply chain, or malicious code executing at the user’s browser. This dynamic AI-driven analytics engine works in conjunction an automation engine that activates standards-based capabilities, like CSP, SRI and HSTS to protect against a wide range of app layer attacks like magecart, cross-site scripting, clickjacking, iframe injection, session-redirects, client-side malware, etc.

  • We are a software consultancy and community of passionate purpose-led individuals, 7,000+ people strong across 43 offices in 14 countries. Over our 25+ year history, we have helped our clients solve complex business problems where technology is the differentiator. When the only constant is change, we prepare you for the unpredictable.

  • UBsecure is a leading web application security company based in Japan since 2007. We offer various security solutions for web application and smartphone application by utilizing in-house developed application security testing tool, Vex. Vex built by a tremendous amount of experience in professional security scanning and by its continuous feedback. The unique characteristic of the tool is that it used as a stand-alone security testing tool as well as the seamless security testing component within the SDLC. Therefore, Vex is not only for professional security auditors but also for software developers who need secure development cycles. Please visit our site for more information about Vex.

  • Veracode gives companies a comprehensive view of security defects so they can create secure software, and ensure the software they are buying or downloading is free of vulnerabilities. As a result, companies using Veracode are free to boldly innovate, explore, discover, and change the world.

  • Verimatrix helps power the modern connected world with security made for people. We protect digital content, applications, and devices with intuitive, people-centered and frictionless security. Leading brands turn to Verimatrix to secure everything from premium movies and live streaming sports, to sensitive financial and healthcare data, to mission-critical mobile applications. We enable the trusted connections our customers depend on to deliver compelling content and experiences to millions of consumers around the world. Verimatrix helps partners get to market faster, scale easily, protect valuable revenue streams and win new business.

  • Virsec delivers a radically new approach to security, protecting enterprise applications from today’s most dangerous cyber threats. Virsec definitively stops fileless and in-memory exploits that bypass conventional security, delivering unprecedented accuracy, while eliminating false positives. The solution protects the entire application stack in runtime, including web apps, memory, files, processes, and binary code. By preemptively stopping attacks, Virsec delivers effective virtual patching and compensating controls for any application, whether new, legacy, or un-patchable.

  • Voatz is an award winning mobile elections platform that leverages cutting-edge technology including biometrics, remote identity verification and a blockchain-based infrastructure to increase accessibility and security in elections. Since 2016 Voatz has run more than 65 successful elections with state and local governments, universities, nonprofits, and both major state political parties for convention voting. In 2018, Voatz partnered with West Virginia to empower deployed military and overseas citizens to vote, marking the first mobile votes in U.S. election history. So far, 29 counties in 5 US states have successfully piloted the Voatz mobile voting technology.

  • Wallarm delivers automated cloud-native application and API security throughout application development and deployment lifecycle. Wallarm AI-powered Application Security Platform includes FAST for CI/CD-integrated security test automation during development and Advanced WAF attack blocking and vulnerability protection after deployment. Wallarm platform aligns security and development into a unified pipeline.

  • The Waratek ARMR Platform provides unique protection in the applications runtime environment. This unique security layer provides fast and accurate security in the compilation pipeline, providing protection that becomes part of your application – but never requires changes to source code.

  • WhiteHat Security is the leader in application security, enabling businesses to protect critical data, ensure compliance, and manage risk. Through a combination of technology, over a decade of intelligence metrics, and the judgment of people, WhiteHat Security provides complete web security at a scale and accuracy unmatched in the industry.

  • The leading solution for agile open source security and license compliance management, WhiteSource integrates with the DevOps pipeline to detect vulnerable open source libraries in real-time.  It provides remediation paths and policy automation to speed up time-to-fix. It also prioritizes vulnerability alerts based on usage analysis.  We support over 200 programming languages and offer the widest vulnerability database aggregating information from dozens of peer-reviewed, respected sources. 

  • ZeroNorth is the first company to deliver risk-based vulnerability orchestration across applications and infrastructure. By orchestrating scanning tools across the entire software lifecycle, ZeroNorth provides a comprehensive and continuous view of risk, and reduces costs associated with managing disparate technologies. ZeroNorth empowers customers across all industries to rapidly scale application and infrastructure security, while integrating seamlessly into developer environments to simplify and verify remediation.