
Introducing an OWASP Game for threat modeling Agentic AI, Cloud, DevOps, Frontend, LLM, Automation, and Web
Shift-left doesn't start with scanning the code for security vulnerabilities; it begins with...

Organization profile
We improve the security of apps with community-led open source projects, 260 local chapters, and tens of thousands of members worldwide. Famous for OWASP Top 10.

At the OWASP Cornucopia project, we are done with updating the cards and help pages for the Website...

Why do we keep our darkest fears secret? Publish them, and bring light to the darkest corners of your...

Would you like to be our card game designer for the OWASP Cornucopia Website Edition...

At OWASP Cornucopia we have long stated that we will create more decks, and now we...

The clouds can be a scary place. All these machines that simply aren't yours. So, how can...

Are you letting the AI do the threat modeling for you? There is no need to let the machines...

The pandemic drove a considerable increase in fully remote teams, which made card games quite...

OWASP® Cornucopia is launching brand-new versions of the OWASP Cornucopia decks with QR...

In Admincontrol, both our Android app and our iOS app just passed the MASVS 2.0...

Did you know that there is a game for threat modelling mobile apps? In Admincontrol we are...

After exploring how to create a secure and persistent application architecture in Secure &...

by Carlos Holguera and Sven Schleier. In cyber security staying ahead of potential threats and...

What is Input validation? Input validation is one of the basic security controls that help...

By Martin Belov & Starr Brown. In the previous article we learned how to develop security...

Building requirements is one of the first steps in the SDLC, where we define the goals and objectives...

In the face of increasing cyberattacks, application security is becoming critical, requiring...

Intro to Application Security: A developer-focused series about the fundamentals...

As you might know, we recently released OWASP® Cornucopia 2.0 with two new editions, but did...

I started out as a web designer 16 years ago and my first website got brutally hacked, not...

The OWASP Top 10 is a collection of the most common application security risks, based around...

by Donnie Brown. As we navigate through an increasingly digital world, the landscape of internet...

by Adam Shostack. Wouldn't it be nice to be able to anticipate security problems and design to...

by Ziv Daniel Hagbi. Hello to all Citizen Developers out there! Are you using Low-Code/No-Code...

by Erlend Oftedal and Nanne Baars. SQL injection was introduced in an article by Rain Forest Puppy...

by Aaron Guzman and Jason C. McDonald. The recent release of the Office of the National Cyber...