OWASP

Computer security organization


title: "OWASP" type: doc version: 1 created: 2026-02-28 author: "Wikipedia contributors" status: active scope: public tags: ["computer-security-organizations", "computer-standards", "501(c)(3)-organizations", "non-profit-organisations-based-in-belgium", "organizations-established-in-2001", "2001-establishments-in-belgium"] description: "Computer security organization" topic_path: "technology/computing" source: "https://en.wikipedia.org/wiki/OWASP" license: "CC BY-SA 4.0" wikipedia_page_id: 0 wikipedia_revision_id: 0

::summary Computer security organization ::

::data[format=table title="Infobox organization"]

| Field | Value |
| --- | --- |
| name | OWASP |
| logo | OWASP black logo.svg |
| type | 501(c)(3) nonprofit organization |
| founded | 2001 |
| founders | Mark Curphey |
| key_people | Andrew van der Stock, Executive Director; Kelly Santalucia, Director of Events and Corporate Support; Harold Blankenship, Director of Technology and Projects; Jason C. McDonald, Director of Community Development; Dawn Aitken, Operations Manager; Lauren Thomas, Event Coordinator |
| purpose | Web security, application security, vulnerability assessment |
| method | Industry standards, conferences, workshops |
| revenue | $2.3 million (2017) |
| membership | approx. 13,000 volunteers (2017) |
| website | |
::


OWASP, the Open Worldwide Application Security Project (formerly Open Web Application Security Project), is an online community that publishes open-source information and resources on IoT, system software and web application security. It is led by a non-profit called The OWASP Foundation.

History

Mark Curphey started OWASP on September 9, 2001. Jeff Williams served as the volunteer Chair of OWASP from late 2003 until September 2011; Matt Konda subsequently chaired the Board. The OWASP Foundation, a 501(c)(3) non-profit organization established in the US in 2004, supports the OWASP infrastructure and projects. Since 2011, OWASP has also been registered as a non-profit organization in Belgium under the name OWASP Europe VZW. In February 2023, Bil Corry, an officer of the OWASP Foundation Global Board of Directors, reported on Twitter that the board had voted to rename the organization from the Open Web Application Security Project to its current name, replacing "Web" with "Worldwide". In May 2023, the OWASP Gen AI Security Project was started to expand the scope of the OWASP Top 10 list to the most critical risks associated with large language models (LLMs).

Resources

Tools

  • OWASP ZAP (Zed Attack Proxy): an intercepting proxy and web application scanner used for penetration testing.
  • WebGoat: a deliberately insecure web application created by OWASP as a teaching guide for secure programming practices.

Publications

  • OWASP Top Ten
    • The "Top Ten", first published in 2003, is a periodically updated list of the most critical web application security risks. Many standards, books, tools and organizations reference it, including MITRE, PCI DSS, the Defense Information Systems Agency (DISA STIG) and the United States Federal Trade Commission.
  • OWASP Development Guide
  • OWASP Testing Guide
  • OWASP Code Review Guide
  • OWASP Top 10 Incident Response Guidance.
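The Top Ten is a catalogue of risk categories rather than code, so the following is an added illustration of its first 2021 category, A01 Broken Access Control (cited in the references below), and not code from OWASP or any of its projects. It shows the classic insecure direct object reference: a handler that authenticates the caller but never checks whether the caller may read the object it asked for, beside a hardened handler that denies by default. The invoice data, user accounts, role names and handler names are all constructed for the example.

```python
"""Added illustration (not OWASP's own code) of the Top Ten category
A01:2021 Broken Access Control: an insecure direct object reference in a
toy API handler, beside its hardened form.  All data and names below are
constructed for the example."""

# Constructed sample data: invoices owned by different accounts.
INVOICES = {
    101: {"owner": "alice", "amount": 120.00},
    102: {"owner": "bob", "amount": 75.50},
    103: {"owner": "alice", "amount": 9.99},
}

# Constructed accounts; the "admin" role grants cross-account reads.
USERS = {
    "alice": {"roles": {"customer"}},
    "bob": {"roles": {"customer"}},
    "carol": {"roles": {"customer", "admin"}},
}


class Forbidden(Exception):
    """Raised when the caller may not access the requested object."""


def get_invoice_vulnerable(current_user: str, invoice_id: int) -> dict:
    """A01 pattern: the caller is authenticated, but ownership of the
    requested invoice is never checked, so any logged-in user can walk
    the id space and read every invoice."""
    if current_user not in USERS:
        raise Forbidden("not authenticated")
    return INVOICES[invoice_id]  # missing object-level authorisation


def get_invoice_hardened(current_user: str, invoice_id: int) -> dict:
    """Deny by default: the caller must be authenticated, the object must
    exist, and the caller must own it or hold a role that permits the read."""
    user = USERS.get(current_user)
    if user is None:
        raise Forbidden("not authenticated")
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        # Same error as "not yours", so ids cannot be probed for existence.
        raise Forbidden("invoice not accessible")
    if invoice["owner"] != current_user and "admin" not in user["roles"]:
        raise Forbidden("invoice not accessible")
    return invoice


def accessible_ids(handler, current_user: str) -> list[int]:
    """Enumerate every invoice id that `current_user` can read through
    `handler`; this is exactly what an attacker does against an IDOR."""
    readable = []
    for invoice_id in INVOICES:
        try:
            handler(current_user, invoice_id)
            readable.append(invoice_id)
        except Forbidden:
            pass
    return readable


if __name__ == "__main__":
    print("bob via vulnerable handler:", accessible_ids(get_invoice_vulnerable, "bob"))
    print("bob via hardened handler:  ", accessible_ids(get_invoice_hardened, "bob"))
```

The point of the hardened version is that the authorisation decision is made per object, not per endpoint, and that a missing invoice and a foreign invoice produce the same error so the id space cannot be enumerated for existence.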

Models and standards

  • OWASP Software Assurance Maturity Model (SAMM): a framework for assessing and improving an organization's software security practices.
  • OWASP Application Security Verification Standard (ASVS): A standard for performing application-level security verifications.

Other projects

  • OWASP XML Security Gateway (XSG) Evaluation Criteria Project.
  • OWASP AppSec Pipeline
  • OWASP Automated Threats to Web Applications
  • OWASP API Security Project
  • OWASP AI Maturity Assessment Project (AIMA)

Certifications

OWASP also has several certification schemes.

References

  1. Huseby, Sverre. (2004). "Innocent Code: A Security Wake-Up Call for Web Programmers". Wiley.
  2. (12 February 2023). "OWASP Foundation Staff". OWASP.
  3. (May 9, 2013). "OWASP FOUNDATION INC". ProPublica.
  4. (26 October 2018). "OWASP Foundation's Form 990 for fiscal year ending Dec. 2017".
  5. "OWASP Internet of Things".
  6. "Board".
  7. "OWASP Europe".
  8. "Global Board".
  9. Corry, Bil. (2023-02-25). "A change you might notice about @owasp , the Board voted to change the "W" from "Web" to "Worldwide", making it the "Open Worldwide Application Security Project"".
  10. "Introduction, Project Background - OWASP Gen AI Security Project".
  11. "OWASP Top Ten".
  12. Trevathan, Matt. (1 October 2015). "Seven Best Practices for Internet of Things". Database and Network Journal.
  13. Crosman, Penny. (24 July 2015). "Leaky Bank Websites Let Clickjacking, Other Threats Seep In". American Banker.
  14. Pauli, Darren. (4 December 2015). "Infosec bods rate app languages; find Java 'king', put PHP in bin". The Register.
  15. (20 April 2015). "OWASP top 10 vulnerabilities". IBM.
  16. (November 2013). "Payment Card Industry (PCI) Data Security Standard". PCI Security Standards Council.
  17. "Authorization remains #1 issue – OWASP 2023 Top 10 List".
  18. "OWASP Incident Response Project – OWASP".
  19. "What is OWASP SAMM?".
  20. (2015). "Foundations of Information Security Based on ISO27001 and ISO27002". Van Haren.
  21. "Category:OWASP XML Security Gateway Evaluation Criteria Project Latest". Owasp.org.
  22. "OWASP AppSec Pipeline".
  23. (July 2015). "AUTOMATED THREATS to Web applications". OWASP.
  24. "OWASP API Security Project – OWASP Foundation".
  25. "OWASP AI Maturity Assessment Project – OWASP Foundation".
  26. "qa.com | Certified OWASP Security Fundamentals (QAOWASPF)".
  27. "A01 Broken Access Control – OWASP Top 10:2021".
  28. "A02 Cryptographic Failures – OWASP Top 10:2021".

::callout[type=info title="Wikipedia Source"] This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page. ::
