# About OWASP

The Open Web Application Security Project (OWASP) is an open community dedicated to finding and fighting the causes of insecure software. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

<https://www.owasp.org/>

OWASP is a new type of entity in the security market. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of security technology.

We advocate approaching application security as a people, process, and technology problem. The most effective approaches to application security include improvements in all of these areas.

## Structure and Licensing

The OWASP Foundation is the not for profit (501c3) entity that provides the infrastructure for the OWASP community. The Foundation provides our servers and bandwidth, facilitates projects and chapters, and manages the worldwide OWASP AppSec Conferences.

All of the OWASP materials are available under an approved open source license. If you opt to become an OWASP member organization, you can also use the commercial license that allows you to use, modify, and distribute all of the OWASP materials within your organization under a single license.

## Participation and Membership

Everyone is welcome to participate in our forums, projects, chapters, and conferences. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. Many application security experts and companies participate in OWASP because the community establishes their credibility.

If you get value from the OWASP materials, please consider supporting our cause by becoming an OWASP member. All monies received by the OWASP Foundation go directly into supporting OWASP projects.

## Projects

OWASP projects are broadly divided into two main categories: development projects and documentation projects. Our documentation projects currently consist of:

* The Guide – This document provides detailed guidance on web application security.
* Top Ten Most Critical Web Application Vulnerabilities – A high level document to help focus on the most critical issues.
* Metrics – A project to define workable web application security metrics.
* Legal – A project to help software buyers and sellers negotiate appropriate security in their contracts.
* Testing Guide – A guide focused on effective web application security testing.
* ISO17799 – Supporting documents for organizations performing ISO17799 reviews.
* AppSec FAQ – Frequently asked questions and answers about application security.

### Development projects include:

* WebScarab – a web application vulnerability assessment suite including proxy tools
* Validation Filters – (Stinger for J2EE, filters for PHP) generic security boundary filters that developers can use in their own applications
* WebGoat – an interactive training and benchmarking tool with which users can learn about web application security in a safe and legal environment
* DotNet – a variety of tools for securing .NET environments.

