The Open Web Application Security Project (OWASP) is an open-source application security project. The OWASP community includes corporations, educational organizations, and individuals from around the world. This community works to create freely available articles, methodologies, documentation, tools, and technologies. The OWASP Foundation is a 501(c)(3) charitable organization that supports and manages OWASP projects and infrastructure. It has also been a registered nonprofit in Europe since June 2011.

OWASP is not affiliated with any technology company, although it supports the informed use of security technology. OWASP has avoided affiliation as it believes freedom from organizational pressures may make it easier for it to provide unbiased, practical, cost-effective information about application security. OWASP advocates approaching application security by considering the people, process, and technology dimensions.

OWASP's most successful documents include the book-length OWASP Guide[1] and the widely adopted Top 10 awareness document.[2] The most widely used OWASP tools include their training environment[3] and their penetration testing proxy WebScarab.[4] OWASP includes roughly 100 local chapters[5] around the world and thousands of participants on the project mailing lists. OWASP has organized the AppSec series of conferences to further build the application security community.[6]


OWASP projects are broadly divided into two main categories: development projects and documentation projects. Its documentation projects currently consist of:

  • OWASP Application Security Verification Standard (ASVS)[7] – A standard for performing application-level security verifications.
  • The Guide – This document provides detailed guidance on web application security
  • Top Ten Most * DotNet – a variety of tools for securing .NET environments.
  • Enigform – A set of proof-of-concept client and server side applications to implement OpenPGP features into HTTP, such as Secure Session Management, Request/Response signing, and OpenPGP-Encrypted HTTP.
  • ESAPI – OWASP Enterprise Security API (ESAPI) Project – A free and open collection of security methods needed to build secure web applications.[8]
  • AntiSamy[9] – An enterprise web input validation and output encoding tool
  • XSSer – An automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.
  • WebGoat – A deliberately insecure web application created by OWASP as a guide for secure programming practices. Once downloaded, the application comes with a tutorial and a set of different lessons that instruct students how to exploit vulnerabilities with the intention of teaching them how to write code securely.
  • WebScarab – An HTTP and HTTPS proxy server that can be used to intercept, examine and modify the contents of packets. This gives a user a better understanding of what information is being sent to and from web servers and can be used to discover possible vulnerabilities.
  • OWASP Mantra Security Framework[10][11] – A collection of hacking tools, add-ons and scripts based on Firefox.

Among other application security tools.

  • OWASP Mantra OS[12] – An Ubuntu-based operating system built around the OWASP Mantra Security Framework.


OWASP was started on September 9, 2001 by Mark Curphey and Dennis Groves. The current chair is Michael Coates, and the vice chair is Eoin Keary. The OWASP Foundation, a 501(c)(3) organization (in the US), was established in 2004 and supports the OWASP infrastructure and projects. OWASP is not about individual recognition but community knowledge sharing. The OWASP Leaders are responsible for managing the health of the OWASP community. Collectively, the OWASP Leaders can be thought of as a steering committee for the OWASP Foundation.

OWASP has five employees and very low expenses, which are covered by conferences, corporate sponsors and banner advertisements. OWASP awards thousands of dollars each year of corporate and individual membership dues as grants to promising application security research projects.


  1. the OWASP Code Review Guide OWASP Guide
  2. OWASP Top Ten Project. (February 7, 2011). Retrieved on August 28, 2012.
  3. WebGoat. (January 18, 2012). Retrieved on August 28, 2012.
  4. OWASP. (January 18, 2012). Retrieved on August 28, 2012.
  5. Chapter. OWASP (August 2, 2012). Retrieved on August 28, 2012.
  6. Category:OWASP AppSec Conference. OWASP. Retrieved on August 28, 2012.
  7. OWASP Application Security Verification Standard (ASVS)
  8. OWASP Enterprise Retrieved on August 28, 2012.
  9. AntiSamy
  10. OWASP Mantra Security Framework
  11. OWASP Mantra - Security Framework. Retrieved on 2012-09-08.
  12. OWASP Mantra OS


This article uses material from the Wikipedia article OWASP, that was deleted or is being discussed for deletion, which is released under the Creative Commons Attribution-ShareAlike 3.0 Unported License.
Author(s): Widefox