OWASP
Founded: 2001[1]
Founder: Mark Curphey[1]
Type: 501(c)(3) nonprofit organization
Focus: Web security, application security, vulnerability assessment
Method: Industry standards, conferences, workshops
Board of directors: Avi Douglen, Chair; Matt Tesauro, Vice-Chair; Bil Corry, Treasurer; Ricardo Griffith, Secretary; Kevin Johnson, Member-at-Large; Sam Stepanyan, Member-at-Large; Steve Springett, Member-at-Large[2]
Key people: Andrew van der Stock, Executive Director; Kelly Santalucia, Director of Events and Corporate Support; Harold Blankenship, Director of Technology and Projects; Jason C. McDonald, Director of Community Development; Dawn Aitken, Operations Manager; Lauren Thomas, Event Coordinator[3]
Revenue (2017): $2.3 million[4]
Employees: 0 (2020)[5]
Volunteers: approx. 13,000 (2017)[6]
Website: owasp.org
The Open Worldwide Application Security Project[7] (OWASP) is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of IoT, system software and web application security.[8][9][10] OWASP provides free and open resources and is led by a non-profit called The OWASP Foundation. The OWASP Top 10 - 2021 is the published result of recent research based on comprehensive data compiled from over 40 partner organizations.
[1] Huseby, Sverre (2004). Innocent Code: A Security Wake-Up Call for Web Programmers. Wiley. p. 203. ISBN 0470857447.
[2] "OWASP Foundation Global Board". OWASP. February 14, 2023. Retrieved March 20, 2023.
[3] "OWASP Foundation Staff". OWASP. February 12, 2023. Retrieved May 3, 2022.
[4] "OWASP FOUNDATION INC". Nonprofit Explorer. ProPublica. May 9, 2013. Retrieved January 8, 2020.
[5] "OWASP Foundation's Form 990 for fiscal year ending Dec. 2020". October 29, 2021. Retrieved January 18, 2023 – via ProPublica Nonprofit Explorer.
[6] "OWASP Foundation's Form 990 for fiscal year ending Dec. 2017". October 26, 2018. Retrieved January 8, 2020 – via ProPublica Nonprofit Explorer.
[7] "Web" to "Worldwide". Bil Corry on Twitter.
[8] "OWASP top 10 vulnerabilities". developerWorks. IBM. April 20, 2015. Retrieved November 28, 2015.
[9] Cite error: The named reference SCmag14 was invoked but never defined.
[10] "OWASP Internet of Things". Retrieved December 26, 2023.