OWASP Browser Security Project

The purpose of the OWASP Browser Security Project is to raise awareness, provide education, and establish best practices for securing modern web browsers, which now serve as the primary execution environment for most applications. The project aims to help both developers and users understand how browser features, extensions, and AI-enabled capabilities can introduce new risks, and to offer clear, actionable guidance for identifying, mitigating, and preventing these threats. By defining a common framework of browser security principles and top risks, the project seeks to make browser-layer security a core part of the global OWASP mission.

Road Map

Year One Roadmap for the OWASP Browser Security Project

In the first year, the project will focus on building a strong foundation of research, community engagement, and initial deliverables.

Quarter 1:

Form the core project team, establish the project charter, and recruit contributors from the OWASP community and industry partners. Begin mapping existing OWASP materials and external research to identify overlaps and gaps in browser security coverage.

Quarter 2:

Develop the first draft of the OWASP Browser Security Top 10, including community discussions and public calls for input. Begin outlining the Browser Security Guide with proposed sections and key topics.

Quarter 3:

Publish the beta version of the Browser Security Top 10 for public review. Begin producing early drafts of the Browser Security Guide chapters and create prototype content for the Browser Security Awareness Toolkit aimed at enterprise audiences.

Quarter 4:

Release the official OWASP Browser Security Top 10 v1.0, launch the initial Browser Security Guide online, and publish the first version of the Browser Security Awareness Toolkit. Conduct webinars and presentations at OWASP and industry events to encourage adoption and feedback, setting the stage for continuous improvement in year two.