
OWASP


OWASP is a nonprofit foundation established in 2001, known for its Top 10 list of web application security risks and free security resources.


The Open Worldwide Application Security Project (OWASP) was established in 2001 as a nonprofit foundation dedicated to improving software security. It was founded by Mark Curphey and has since grown into the most recognized name in application security education and standards.

OWASP is best known for its Top 10 list, a regularly updated ranking of the most critical web application security risks. The list — which includes categories like injection, broken authentication, and security misconfiguration — is referenced in security policies, compliance frameworks, and developer training programs worldwide. The most recent version was published in 2021.

Beyond the Top 10, OWASP maintains dozens of open-source projects including the OWASP ZAP (Zed Attack Proxy) web security scanner, the OWASP Testing Guide, the Application Security Verification Standard (ASVS), and the Mobile Application Security Verification Standard (MASVS). These resources are free and community-maintained.

OWASP operates through local chapters in cities around the world, where security professionals meet to share knowledge. The foundation also organizes AppSec conferences — major events in the application security calendar that attract thousands of attendees.

The organization is volunteer-driven and funded by corporate sponsors and individual memberships. Companies like Google, Microsoft, and Salesforce contribute financially, while thousands of security professionals contribute their time and expertise.

OWASP’s headquarters are in Maryland, USA, but it’s a global operation by nature. The foundation’s materials have been translated into multiple languages, and its guidelines influence security practices in organizations of every size, from startups to governments.
