OWASP

Computer security organization

OWASP, the Open Worldwide Application Security Project (formerly Open Web Application Security Project), is an online community that publishes open-source information and resources on IoT, system software and web application security.[5] It is led by a non-profit called The OWASP Foundation.

Founded: 2001[1]
Founders: Mark Curphey[1]
Type: 501(c)(3) nonprofit organization
Purpose: Web security, application security, vulnerability assessment
Method: Industry standards, conferences, workshops
Membership: approx. 13,000 volunteers (2017)[2]
Key people: Andrew van der Stock, Executive Director; Kelly Santalucia, Director of Events and Corporate Support; Harold Blankenship, Director of Technology and Projects; Jason C. McDonald, Director of Community Development; Dawn Aitken, Operations Manager; Lauren Thomas, Event Coordinator[3]
Revenue: $2.3 million (2017, decrease)[4]
Website: owasp.org

History

Mark Curphey started OWASP on September 9, 2001.[1] Jeff Williams served as the volunteer Chair of OWASP from late 2003 until September 2011. As of 2015, Matt Konda chaired the Board.[6] The OWASP Foundation, a 501(c)(3) non-profit organization in the US established in 2004, supports the OWASP infrastructure and projects. Since 2011, OWASP has also been registered as a non-profit organization in Belgium under the name OWASP Europe VZW.[7] In February 2023, Bil Corry, an OWASP Foundation Global Board of Directors officer,[8] reported on Twitter that the board had voted to rename the organization from the Open Web Application Security Project to its current name, replacing Web with Worldwide.[9] In May 2023, the OWASP Gen AI Security Project was started to expand the scope of the OWASP Top 10 List to document the most critical risks associated with LLMs.[10]

Resources

Tools

  • OWASP ZAP: a penetration testing tool.
  • WebGoat: a deliberately insecure web application created by OWASP as a guide for secure programming practices.[1]

Publications

Models and standards

  • OWASP Software Assurance Maturity Model[20]
  • OWASP Application Security Verification Standard (ASVS): A standard for performing application-level security verifications.[21]

Other projects

  • OWASP XML Security Gateway (XSG) Evaluation Criteria Project.[22]
  • OWASP AppSec Pipeline[23]
  • OWASP Automated Threats to Web Applications[24][25]
  • OWASP API Security Project[26]
  • OWASP AI Maturity Assessment Project (AIMA)[27]

Certifications

OWASP offers several professional security certifications focused on web application security, including the OWASP Top 10 certification which validates knowledge of the most critical web application security risks, the OWASP Application Security Verification Standard (ASVS) certification for secure coding practices, the OWASP Software Assurance Maturity Model (SAMM) certification for organizational security maturity assessment, and the OWASP Security Knowledge Framework (SKF) certification for security awareness training. These certifications help professionals demonstrate expertise in secure development, testing, and application security management across different organizational roles and technical disciplines.[28][29][30][31]
