The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
OWASP Xenotix XSS Exploit Framework
The OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world's 2nd largest collection of XSS payloads, with about 1500+ distinctive XSS payloads for effective XSS vulnerability detection and WAF bypass. It incorporates a feature-rich Information Gathering module for target reconnaissance. The Exploit Framework includes highly offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation. For more information, please contact the Project Leader, Ajin Abraham.
Three OWASP tool projects were voted as the top security tools of 2013 by users and readers of ToolsWatch.org. OWASP ZAP ranked number one on the top ten list with OWASP Xenotix XSS Exploit Framework ranking number 5 and OWASP O-Saft SSL Advanced Forensic Tool ranking number 10. Congratulations to the project leaders and all of the contributors that helped make these OWASP tools so amazing.
OWASP OWTF 0.45.0 "Winter Blizzard" Released!
This release contains many features, such as the continued integrated work from the 4 OWASP OWTF Google Summer of Code projects (including post-GSoC improvements), and the initial work of "OWTF bonnet mode", a BruCon 5X5 project by Marios Kourtesis. Please contact Project Leader Abraham Aranguren for more information.
OWASP ESAPI Hackathon Update!
There are only 7 days left until the OWASP ESAPI Hackathon Contest closes. Contribute for a chance to win some great prizes. The ESAPI team is in need of more contributors. Spread the word or add some content yourself. Visit our OWASP blog page for more information on what and how to contribute.
Project Review Assistance Required!
The OWASP Technical Advisors and the OWASP PM are in the process of reviewing our projects, and we would like to ask for your assistance with this assessment. We would like to ask that you take a bit of time to fill in a short survey that we will use to assess the Usability and Value of each project to its users and to the community. You can find the assessment survey here: Project Usability and Value Assessment. For more detailed instructions on how to submit your comments, please contact Samantha Groves.
Thank you to our newest Corporate Member: Ipswitch, Inc.
Thank you to NetSPI, SCSK Corporation, and Twitter for continuing to support the OWASP Foundation.
AppSec LATAM 2014 - LATAM Tour (April 21 - May 12)
In 2014, instead of holding an AppSec LATAM Conference, we are working on organizing a LATAM Tour. Building on the success of 2012 and 2013, the tour will empower the entire LATAM region to collaborate and to raise software security awareness in their region. This year's tour will be held between April 21st and May 9th. Please find additional information regarding the tour and on the scheduled stops by visiting the Tour Wiki Page.
OWASP has partnered with these great events in the beginning of 2014 to grow our community and build awareness around software security. If you want to learn more about OWASP's involvement, or will be attending and want to help out, contact us.
Cyber Security Summit, April 9-10, 2014. Prague, Czech Republic. OWASP Members receive a 20% discount off of the general event registration fee by using THIS LINK
Upcoming for 2014
2013 is behind us and 2014 lies ahead. Our collective accomplishments in 2013 are just a hint of what we will achieve as an organization in the coming year. We would like to give you a peek at a couple of new opportunities on the road map for the beginning of the year.
2014 Operational Goals for OWASP Projects
These goals have been put together based on Leader requests, and the need to continue work on other optional tasks from the previous year. They will be the goals and milestones for 2014. Please visit our OWASP Blog for a detailed list of the goals and milestones.
Global Training Initiative
The goal of this initiative is to set the roadmap for an OWASP Training Program. Objectives include baseline knowledge, increasingly challenging courses, various educational tools, costs, revenue, and application for available grant or sponsorship funding. This initiative will begin in February. The estimated planning period will require a 60-day commitment. The initiative will transition to an implementation phase in Q2.
Quarterly Research Journal
The Foundation would like to create a professionally designed and published Journal on a Quarterly Basis. The content of this journal will focus on research and new solutions to software security challenges. A team will be needed to review the paper submissions for content and applicability.
OWASP Site
The Foundation is exploring the web capabilities that exist within the Salesforce Platform, specifically around the creation of communities and web presence using site.com. Individuals who have knowledge of site.com and Salesforce communities are invited to share their knowledge and assist with the creation of the collaboration platform.