OWASP
This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit
Main Page
OWASP™ Foundation
the free and open software security community
Every vibrant technology marketplace needs an unbiased source of information on best practices as well as an active body advocating open standards. In the Application Security space, one of those groups is the Open Web Application Security Project™ (or OWASP for short).
The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations are able to make informed decisions. OWASP is in a unique position to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies, and other organizations worldwide. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security.
Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. You'll find everything about OWASP here on or linked from our wiki and current information on our OWASP Blog. OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.
We ask that the community look out for inappropriate uses of the OWASP brand including use of our name, logos, project names, and other trademark issues.
There are thousands of active wiki users around the globe who review the changes to the site to help ensure quality. If you're new, you may want to check out our getting started page. As a global group of volunteers with over 45,000 participants, questions or comments should be sent to one of our many mailing lists focused on a topic or directed to the staff using the OWASP Contact Us Form.
Pick an OWASP Project
Find Your Local OWASP Chapter
Flagship Projects
Projects that have demonstrated strategic value to OWASP and application security as a whole
Tool Projects
OWASP Zed Attack Proxy (ZAP)
Automatically finds security vulnerabilities in your web applications while you are developing and testing your applications
OWASP Web Testing Environment (WTE)
A collection of easy-to-use application security tools and documentation available in multiple formats
OWASP OWTF
Pentesting tool to more efficiently find, verify and combine vulnerabilities in short timeframes
OWASP Dependency Check
A utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities
OWASP Security Shepherd
A web and mobile application security training platform to foster and improve security awareness among a varied skill-set demographic
OWASP DefectDojo
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools
OWASP Juice Shop
An intentionally insecure webapp for security trainings written entirely in JavaScript which encompasses the entire OWASP Top Ten and other severe security flaws
OWASP Security Knowledge Framework
A tool that is used as a guide for building and verifying secure software that can also be used to train developers about application security
OWASP Dependency Track
A Software Composition Analysis (SCA) platform that keeps track of all third-party components used in all the applications an organization creates or consumes. It monitors all applications in its portfolio in order to proactively identify vulnerabilities in components that are placing your applications at risk
Code Projects
OWASP ModSecurity Core Rule Set (CRS)
A set of generic attack detection rules for use with ModSecurity or compatible web application firewalls which aims to protect web applications from a wide range of attacks
OWASP CSRFGuard
A library that implements a variant of the synchronizer token pattern to mitigate the risk of Cross-Site Request Forgery (CSRF) attacks
Documentation Projects
OWASP Application Security Verification Standard
Provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development
OWASP AppSensor
A conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into applications
OWASP Software Assurance Maturity Model (SAMM)
An open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization
OWASP Top Ten
A powerful awareness document for web application security that represents a broad consensus about the most critical security risks to web applications
OWASP Testing Guide
Includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues
OWASP Cheat Sheet Series
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. These cheat sheets were created by various application security professionals who have expertise in specific topics.
OWASP Mobile Security Testing Guide
A security standard for mobile apps and a comprehensive testing guide that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results.
Thank you to our corporate supporters that enable us to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. A complete list of our current corporate and academic supporters can be found on our Acknowledgements Page.
Hundreds of Hours of AppSec Videos
Citations
Who Trusts OWASP?
Citations of National & International Legislation, Standards, Guidelines, Committees and Industry Codes of Practice -
Click Here
OCoC
How can OWASP help your org?
Government Bodies
Educational Institutions
Standards Groups
Trade Organizations
Certifying Bodies
Development Organizations
Security101
Ask a software security question on our Slack channel - open to all, experts to beginners
Upcoming Events
Security Conferences, Training
Global, Regional and Local -
Click Here
Start a Project
How to Start an OWASP Project
New Project
How to update an existing project
Existing Project
News
OWASP News
OWASP in the news: An excellent article on OWASP and the Internet of Things
OWASP newsletters report on events, projects, people, tools, updates
Sign Up Here...
Social Media
OWASP Foundation Social Media
Meet-Up
Facebook Group
Facebook Page
StackOverFlow
Slack
or
Join Slack Here
Google+
NING
Blog
OWASP Blog
The OWASP blog has global announcements -
Click Here
Podcast
Security Podcast
Listen as interviews are conducted with OWASP volunteers, industry experts
Click Here
Start a Chapter
OWASP Chapters
Start/Locate a Local Chapter
Got Questions?
Please submit your questions, comments and requests and our staff will help
Click Here
This page was last modified on 23 January 2020, at 13:51.
Content is available under Creative Commons Attribution-ShareAlike unless otherwise noted.
Open Web Application Security Project, OWASP, Global AppSec, AppSec Days, AppSec California, SnowFROC, LASCON, and the OWASP logo are trademarks of the OWASP Foundation.