Who is the OWASP® Foundation?

The Open Web Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.

  • Tools and Resources
  • Community and Networking
  • Education & Training

For nearly two decades corporations, foundations, developers, and volunteers have supported the OWASP Foundation and its work. Donate, Join, or become a Corporate Member today.


Project Spotlight: AI Security and Privacy Guide


AI applications are on the rise and so are the concerns regarding AI security and privacy. How can AI systems be attacked? How can they be protected? This is why OWASP is now offering the AI security & privacy guide - to provide clear and actionable insights on designing, creating, testing, and procuring secure and privacy-preserving AI systems. By open-sourcing our understanding of the state-of-the-art, we can create consensus and collect ideas from a variety of perspectives.



OWASP 2023 Global AppSec Dublin


Registration Open!

Join us in Dublin, Feb 13-16, for leading application security technologies, speakers, prospects, and community, in a unique event that will build on everything you already know to expect from an OWASP Global Conference. Designed for private and public sector infosec professionals, the two-day OWASP conference equips developers, defenders, and advocates to build a more secure web.



Vulnerability and Exploitability Transparency - VDR & VEX


Steve Springett, February 7, 2023

I’ve been meaning to write this article for about six months and, honestly, should have done it sooner. But let’s get on with it. With the rise of SBOM and software transparency, there is an equal push to be transparent about the vulnerabilities and their exploitability in the software we create and consume. These are all good things. In this article, I’ll be discussing two very different approaches, Vulnerability Disclosure Report (VDR) and Vulnerability Exploitability eXchange (VEX).


