OWASP Developer Guide


1. Introduction

Welcome to the OWASP Development Guide.

The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. It is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.

Along with the OWASP Top Ten, the Developer Guide is one of the original resources published soon after the OWASP foundation was formed in 2001. Version 1.0 of the Developer Guide was released in 2002 and since then there have been various releases culminating in version 2.0 in 2005. Since then the guide has been revised extensively to bring it up to date. The latest versions are 4.x because version 3.0 was never released.

The purpose of this guide is to provide an introduction to security concepts and a handy reference for application / system developers. Generally it describes security practices using the advice given in the OWASP Software Assurance Maturity Model (SAMM) and describes the OWASP projects referenced in the OWASP Application Wayfinder project.

This guide does not seek to replicate the many excellent sources on specific security topics; it will rarely tries to go into details on a subject and instead provides links for greater depth on these security topics. Instead the content of the Developer Guide aims to be accessible, introducing practical security concepts and providing enough detail to get developers started on various OWASP tools and documents.

All of the OWASP projects and tools described in this guide are free to download and use. All OWASP projects are open source; do get involved if you are interested in improving application security.


The OWASP Developer Guide has been written by the security community to help software developers write solid, safe and secure applications. Developers should try and be familiar with most of this guide; it will help to write solid applications.

You can regard the purpose of this guide as answering the question: “I am a developer and I need a reference guide to describe the security activities I really should be doing and to navigate the numerous security tools and projects”

Or you can regard this guide as a companion document to the OWASP Application Wayfinder project: the Wayfinder mapping out the many OWASP tools, projects and documents with the Developer Guide providing some context.

Application Wayfinder Diagram

The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.