The Open Web Application Security Project (OWASP) is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
OWASP Application Security Guide For CISOs Project
Among application security stakeholders, Chief Information Security Officers (CISOs) manage application security programs according to their own roles, responsibilities, perspectives and needs. Application security best practices and OWASP resources are referenced throughout the guide.
New OWASP Projects
OWASP Security Labeling System Project
The purpose of this project is to create a transnational and market wise software security labeling system. Security is invisible, so the OWASP labeling system will help to make it visible. The system consists of different kinds of OWASP security labels for Web applications and Software.
OWASP Financial Information Exchange Security Project
This project focuses on the FIX protocol with the aim of developing a Java client to be used during security assessments of custom FIX implementations. The project will also produce best practice guidance for FIX protocol security. More to come soon ...
OWASP Reverse Engineering and Code Modification Prevention Project
The purpose of this project is to educate application security experts about the risks and appropriate mitigation techniques that organizations should implement to prevent an adversary from reverse engineering or modifying the developer's code within untrustworthy environments. More to come soon ...
OWASP Code Review Guide Project
Message from Project Leader, Larry Conklin. I am in need of authors to sign up to finish some chapters of the Code Review Guide V 2.0. I am hoping we can get twelve articles done by the first of the year.
Authors, if you want to write other content, please do so. We have a lot of work already completed. We need to finish this book. Please do not sign up for more than one article at a time. You can do more than one article, but let's concentrate on one thing at a time. Remember - write in the wiki, write often, HAVE FUN.
OWASP has partnered with these great events in the beginning of 2014 to grow our community and build awareness around software security. If you want to learn more about OWASP's involvement, or will be attending and want to help out, contact us.
Support the OWASP Foundation while finishing your Holiday Shopping
The OWASP Foundation is enrolled with Amazon Smile. When you shop at Amazon by clicking the logo below, OWASP will receive 0.5% in donations. Thank you for your continued support!
The OWASP Foundation is a community of security professionals. Tap into the collective knowledge by submitting your security questions to the Security 101 mailing list. Subscribe to the list
The Cavalry Is US: Protecting the Public Good - Nicholas Percoco and Joshua Corman (Recorded at AppSec USA 2013 in New York, NY)
This session will both frame the plans to engage in Legislative, Judicial, Professional, and Media (hearts & minds) channels and to organize and initiate our constitutional congress working sessions. The time is now. It will not be easy, but it is necessary, and we are up for the challenge.
December 18, 2013 at 10am EDT
December 18, 2013 at 9pm EDT
Links to the recordings of previous meetings can be found on the Initiatives Page.
The Board of Directors have recently approved three new OWASP Project related policy and guideline documents. They outline the rules of engagement for grant spending, project spending, and project sponsorship.
The Project Sponsorship Operational Guidelines aim to provide clear expectations of how sponsors and projects are expected to interact when sponsorship funds are given to a project. To view the documents, please click on the corresponding link.