OWASP

OWASP, the Open Worldwide Application Security Project, is a nonprofit foundation that works to improve the security of software through community-led open source projects, educational resources, and global conferences. Founded in 2001 and celebrating its 25th anniversary in 2026, the organization is driven entirely by volunteers and maintains strict vendor neutrality, ensuring its resources remain accessible to everyone free of charge. The OWASP Top 10, updated triennially, is the most widely referenced application security awareness document in the industry, categorizing the most critical security risks facing web applications. The organization hosts over 300 community projects including 15 flagship resources. Key flagship projects include the OWASP Cheat Sheet Series providing crucial application security implementation guidance, Juice Shop as a modern intentionally vulnerable web application for training with version 20 adding AI-powered challenges, Dependency Check as a software composition analysis tool suite for scanning dependency vulnerabilities, and Dependency-Track version 5.0 for continuous supply chain component analysis. The OWASP Testing Guide, OWASP ASVS, and OWASP MASVS provide comprehensive testing and verification standards. The Zed Attack Proxy, known as ZAP, is the world's most widely used web application security scanner. The Global AppSec conference series hosts over 800 cybersecurity experts per event in cities including Vienna and San Francisco, featuring keynotes, hands-on training, Capture the Flag challenges, and OWASP Project demos. Corporate supporters include OpenText Fortify, Adobe, Checkmarx, Invicti, and Tenable. The foundation recently launched agentic code audit in partnership with Aikido Security. Copyright 2026 OWASP Foundation, Inc.