OWASP
Computer security organization
From Wikipedia, the free encyclopedia
OWASP, the Open Worldwide Application Security Project (formerly Open Web Application Security Project), is an online community that publishes open-source information and resources on IoT, system software and web application security.[5] It is led by a non-profit called The OWASP Foundation.
| Founded | 2001[1] |
|---|---|
| Founders | Mark Curphey[1] |
| Type | 501(c)(3) nonprofit organization |
| Purpose | Web security, application security, vulnerability assessment |
| Method | Industry standards, conferences, workshops |
| Membership | approx. 13,000 volunteers (2017)[2] |
| Key people | Andrew van der Stock, Executive Director; Kelly Santalucia, Director of Events and Corporate Support; Harold Blankenship, Director of Technology and Projects; Jason C. McDonald, Director of Community Development; Dawn Aitken, Operations Manager; Lauren Thomas, Event Coordinator[3] |
| Revenue | |
| Website | owasp |
History
Mark Curphey started OWASP on September 9, 2001.[1] Jeff Williams served as the volunteer Chair of OWASP from late 2003 until September 2011. As of 2015, Matt Konda chaired the Board.[6] The OWASP Foundation, a 501(c)(3) non-profit organization in the US established in 2004, supports the OWASP infrastructure and projects. Since 2011, OWASP has also been registered as a non-profit organization in Belgium under the name OWASP Europe VZW.[7] In February 2023, Bil Corry, an OWASP Foundation Global Board of Directors officer,[8] reported on Twitter that the board had voted to rename the organization from the Open Web Application Security Project to its current name, replacing Web with Worldwide.[9] In May 2023, the OWASP Gen AI Security Project was started to expand the scope of the OWASP Top 10 List to document the most critical risks associated with LLMs.[10]
Resources
Tools
Publications
- OWASP Top Ten
- The "Top Ten", first published in 2003, is an annual listing of critical application security risks.[11][12][13][14][15] Many standards, books, tools, and organizations reference the Top 10 project, including MITRE, PCI DSS,[16] the Defense Information Systems Agency (DISA-STIG), and the United States Federal Trade Commission.[17][18]
- OWASP Development Guide
- OWASP Testing Guide
- OWASP Code Review Guide
- OWASP Top 10 Incident Response Guidance.[19]
