The OWASP Foundation OWASP The Open Web Application Security Project Join the application security community for free, unbiased, open.

Presentation transcript:

The OWASP Foundation

OWASP: The Open Web Application Security Project

Join the application security community for free, unbiased, open source tools, guidelines, forums, and local chapters!

We support developers and project managers with security guidance, tools, and materials throughout the software development lifecycle (SDLC):
* Requirements and Use Cases
* Architecture
* Threat Modeling
* Vulnerability Analysis
* Scanning
* Manual Penetration Testing
* Code Review
* Configuration Guides

Free Tools
* WebScarab Proxy
* WebGoat Training
* CAL9000
* LAPSE
* Pantera
* .NET and Java tools

Projects
* Web AppSec Guide
* Testing Guide
* Top Ten Vulnerabilities
* AppSec FAQ
* AppSec Metrics
* AJAX
* Code Review
* Legal
* PHP, J2EE, .NET

Community
* Local Chapters
* AppSec Conferences
* Mailing Lists
* Forums
* Portal

OWASP materials apply to all web platforms including J2EE, .NET, LAMP, Cold Fusion, Struts, Web Services, IIS, WebSphere, WebLogic, Tomcat, and much more.

Join Us Today! 77 WorldWide Chapters

Argentina * Atlanta * Austin * Austria * Bangalore * Belgium * Boston * Brazil * Brisbane * Buffalo * Charlotte * Chennai * Chicago * Chile * Cleveland * Colombia * Delhi * Denmark * Denver * Edmonton * Germany * Greece * Hong Kong * Hyderabad * Ireland * Israel * Italy * Kansas City * Kerala * Kolkata * London * Luxemburg * Madison * Malaysia * Manila * Melbourne * Memphis * Mexico City * Miami Ft Lauderdale * Minneapolis St Paul * Montgomery * Mumbai * Nashville * Netherlands * New Jersey * New York * Ohio * Omaha * Ottawa * Pakistan * Panama * Philadelphia * Phoenix * Pittsburgh * Riyadh * Rochester * Sacramento * Saint Louis * San Antonio * San Francisco * San Jose * Seattle * Singapore * SoCal * Spain * Switzerland * Sydney * Taiwan * Tokyo * Toronto * Turkey * Vancouver * Virginia * Washington DC * Winnipeg

OWASP Major initiatives: Training CLASP Testing Project incubator Wiki portal Forums Blogs Top 10 Conferences WebScarab WebGoat Ajax J2EE .NET Yours! Validation Chapters Building our brand Certification Guide

OWASP Major Projects:
* OWASP AJAX Security Project - investigating the security of AJAX enabled applications
* OWASP Application Security Assessment Standards Project - establish a set of standards defining baseline approaches to conducting differing types of application security assessment
* OWASP Application Security Metrics Project - identify and provide a set of App Sec metrics that have been found by contributors to be effective in measuring App Sec
* OWASP AppSec FAQ Project - an FAQ covering many application security topics
* OWASP CLASP Project - a project focused on defining process elements that reinforce application security
* OWASP Code Review Project - a new project to capture best practices for reviewing code
* OWASP Guide Project - a massive document covering all aspects of web application and web service security
* OWASP Honeycomb Project - a comprehensive and integrated guide to the fundamental building blocks of application security
* OWASP Legal Project - a project focused on contracting for secure software
* OWASP Logging Project - a project to define best practices for logging and log management
* OWASP Metrics Project - a project to define workable application security metrics
* OWASP PHP, .NET and Java Project - a project focused on helping PHP, .NET, and Java developers build secure applications
* OWASP Risk Management Project - a new project focused on processes for managing application security risk
* OWASP Testing Project - a project focused on application security testing procedures
* OWASP Top Ten Project - an awareness document that describes the top ten web application security vulnerabilities
* OWASP WASS Project - a standards project to develop more concrete criteria for secure applications

OWASP Free tools:
* OWASP CAL9000 Project - a JavaScript based web application security testing suite
* OWASP LAPSE Project - a project focused on developing an open source auditing tool for Java
* OWASP .NET, Java Tools - a project focused on developing .NET and Java tools for web application security
* OWASP Pantera Web Assessment Studio Project - a project focused on combining automated capabilities with complete manual testing to get the best results
* OWASP SQLiX Project - a project focused on the development of SQLiX, a full Perl-based SQL scanner
* OWASP Validation Project - a project that provides guidance and tools related to validation
* OWASP WebGoat Project - an online training environment for hands-on learning about application security
* OWASP WebScarab Project - a tool for performing all types of security testing on web applications and web services