Welcome To OWASP

The Open Web Application Security Foundation

OWASP Foundation

MISSION

Open Web Application Security Project (OWASP) is a nonprofit foundation improving the security of software. Through community-led open source software projects, over 200 local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.

Annually seven million technologists and developers visit owasp.org

SECURE THE WEB

The OWASP Community

  • OWASP is a worldwide free and open community focused on improving the security of application software.
  • Our mission is to make application security visible so that people and organisations can make informed decisions about application security risks.

Session at Global AppSec Amsterdam

It's all for free

  • Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  • All OWASP events (except conferences) are free to attend by both members and non-members of OWASP - and can be attended by anyone who is interested in Application Security and Cyber Security in general.

Member Lounge at OWASP Conference

The OWASP Foundation

  • We are a Global not-for-profit charitable organisation
  • Vendor-Neutral Community
  • Collective Wisdom of the Best Minds in Application Security Worldwide
  • Provide free tools, guidance, documentation
  • Meetings are free to attend (free drinks & food included)
  • Meetings are usually 2-hour seminars (usually 2 main talks, with optional lightning talks)

World Wide

  • 207 local Chapters in 56 countries… and counting!

OWASP Projects

  • 189 Projects including 20 Flagship Projects

UK Chapters

  • Belfast
  • Birmingham
  • Bristol
  • Cambridge
  • Dorset
  • London
  • Manchester
  • Newcastle
  • Royal Holloway (inactive)
  • Scotland
  • Sheffield
  • Suffolk

We are all VOLUNTEERS!

45,000+ OWASP volunteers worldwide

Premier members (donate $20,000/year):

New Corporate Members

CTF Prizes

OWASP Amass

  • Flagship Project
  • Performs network mapping of attack surfaces
  • Part of Kali Linux
  • Used by Bug Bounty Hunters
  • Stores Findings in a GraphDB

OWASP ZAP

  • Flagship Project
  • Web App DAST tool
  • Integrates into CI/CD Pipeline
  • GitHub Actions and GitLab Modules exist
  • 140+ Contributors

OWASP Cheat Sheet

  • Flagship Project
  • Helps Devs with AppSec Issues
  • Project is led by industry veterans
  • 130+ Contributors

OWASP Defect Dojo

  • Flagship Project
  • Consolidated Security Findings
  • Over 60 tool Integrations
  • De-dupes findings
  • Connects to Jira for bug reporting

Security Knowledge Framework

  • Flagship Project
  • Helps Devs with AppSec Training
  • Part of the OpenSSF
  • An Open Source SaaS version is being developed
  • https://beta.securityknowledgeframework.org/dashboard

OWASP ESAPI

  • OWASP® ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
  • The ESAPI for Java library is designed to make it easier for programmers to retrofit security into existing applications.
  • ESAPI for Java also serves as a solid foundation for new development.

OWASP Top Ten Proactive Controls

How to Contribute?

  • Contribute back to projects
  • Volunteer at your local chapter
  • Become a member! (~ $5 per month)
  • Provide some words of encouragement to project leaders
  • Identify improvement opportunities and report them
  • Start your own OWASP Project!
  • Start an OWASP Chapter!

Keep In Touch

“Like” us on Facebook: www.facebook.com/groups/owaspfoundation

Watch us on YouTube: YouTube.com/OWASPGLOBAL

Visit the OWASP website

https://owasp.org

Join an OWASP Mailing List:

https://groups.google.com/a/owasp.com

Slack: owasp.slack.com #owasp-community

Follow us on Twitter

@OWASP