🏳️OWASP Foundation, the Open Source Foundation for Application Security | OWASP Foundation

Website faviconowasp.org

OWASP Foundation, the Open Source Foundation for Application Security on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.

Explore the world  

of cyber security

=====================================

Driven by volunteers, OWASP resources are accessible for everyone.

* * *

* * *

* * *

[](https://owasp.glueup.com/event/123983/register/)

Get ready for an unforgettable experience at the OWASP Global AppSec EU Conference!

-----------------------------------------------------------------------------------

From May 26-30, 2025, [join over 700 cybersecurity experts](https://barcelona.globalappsec.org) at the spectacular Centre de Convencions Internacional de Barcelona (CCIB) for an event like no other. This year’s reimagined conference promises to ignite your passion for security with cutting-edge presentations from world-class keynote speakers. Dive into one of six action-packed tracks covering everything from OWASP projects to specialized sessions for builders, developers, breakers, defenders, and manager/culture.

[Register today and take advantage of early bird pricing!](https://owasp.glueup.com/event/123983/register/)

[](https://owasp.glueup.com/event/131624/register/)

Get ready for the ultimate cybersecurity experience at the OWASP Global AppSec US Conference in Washington, D.C.!

-----------------------------------------------------------------------------------------------------------------

From November 3-7, 2025, [join over 800 industry experts](https://owasp.glueup.com/event/owasp-2025-global-appsec-usa-washington-dc-131624/) at the stunning Marriott Marquis for an event that promises to ignite your passion for security. This is your chance to connect, learn, and grow with some of the brightest minds in the field. Prepare to be inspired by powerful keynote speakers and dive deep into six action-packed tracks covering everything from OWASP Projects to specialized topics like builder/developer, breaker, defender, and manager-culture. Whether you’re looking to expand your skills or discover new solutions, you’ll find everything you need to stay ahead of the curve.

[Register today and take advantage of super early bird pricing!](https://owasp.glueup.com/event/131624/register/)

[](https://www.eventbrite.com/e/owasp-snowfroc-2025-tickets-1015564008287)

The Denver OWASP Chapter is proud to present SnowFROC ‘25!

----------------------------------------------------------

SnowFROC (Front Range OWASP Conference) is Denver’s premier application security conference. It is an annual, one-day conference which draws about 400 people. For SnowFROC 2025 the event will be held Friday March 14th. While billed as, “Denver’s premier application security conference”, SnowFROC’s presentations and workshops focus on many facets of cybersecurity and over the years, SnowFROC has come to be known for its exceptional value: Hands-on training, excellent food, spectacular networking, great location/venue and professional orchestration.

[Register today](https://www.eventbrite.com/e/owasp-snowfroc-2025-tickets-1015564008287)

[](https://www.owaspappsecdays.fr/2025/#page-top)

Come to Paris for OWASP AppSec Days France 2025!

------------------------------------------------

OWASP AppSec Days France 2025 is the first OWASP local conference held in Paris, France. It will be held on Tuesday, September 23, 2025. It will be a conference with presentations from speakers and renowned European experts. We hope to welcome more than 150 security professionals for this day that promises to be full of opportunities.

[More details](https://www.owaspappsecdays.fr/2025/#page-top)

* * *

[Advisory on Software Bill of Materials and Real-time Vulnerability Monitoring for Open-Source Software and Third-Party Dependencies](/blog/2025/02/24/advisory-on-implementation-of-software-bill-of-materials-for-vulnerability-management.html)

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Steve Springett, February 24, 2025

The OWASP Foundation, in collaboration with the [Cyber Security Agency (CSA) of Singapore](https://www.csa.gov.sg/), presents this advisory on using Software Bill of Materials (SBOM) for enhanced vulnerability management, highlighting [OWASP CycloneDX](https://cyclonedx.org/)—a format standardized by [Ecma International](https://ecma-international.org/) as [ECMA-424](https://ecma-international.org/publications-and-standards/standards/ecma-424/) —and underscoring OWASP’s joint efforts with both Ecma International and CSA. The advisory also features [OWASP Dependency-Track](https://dependencytrack.org/) the reference platform for how to consume and analyze SBOMs. For details, including GitHub and GitLab examples and additional references, please see the [original advisory published by CSA](https://www.csa.gov.sg/resources/publications/advisory-on-software-bill-of-materials-and-real-time-vulnerability-monitoring-for-open-source-software-and-third-party-dependencies).

[...read more](/blog/2025/02/24/advisory-on-implementation-of-software-bill-of-materials-for-vulnerability-management.html)

### Upcoming at OWASP

Quick access to our highlighted  

**flagship** resources

See all [flagship resources](/projects/#flagship-projects)(15)

code

Dependency Check

SCA tool suite to check for dependency vulnerabilities

[

→

](https://owasp.org/www-project-dependency-check/)

code

Security Shepherd

Web and mobile application training platform

[

→

](https://owasp.org/www-project-security-shepherd/)

standards

ASVS

The industry standard for web application security verification

[

→

](https://owasp.org/www-project-application-security-verification-standard/)

Have an idea for a project?

Take advantage of our resources and  

let it grow with OWASP.

[Start a project](https://owasporg.atlassian.net/servicedesk/customer/portal/7/create/70)

* * *

* * *

### Recent OWASP News & Opinions

*   [OWASP Juice Shop leadership changes & contributor recognition](/blog/2025/01/29/juice-shop-leadership.html), January 29, 2025

*   [Lifecycle events are part of the secure supply chain](/blog/2024/11/26/lifecycle-events-are-part-of-the-secure-supply-chain.html), November 26, 2024

*   [More than a Password Day 2024](/blog/2024/11/12/more-than-a-password-day-2024.html), November 12, 2024

*   [A workaround for OWASP Foundation emails being blocked by Microsoft Office 365](/blog/2024/10/30/owaspfoundation-org-emails.html), October 30, 2024

### Upcoming Conferences

*   [OWASP Global AppSec EU 2025](https://owasp.glueup.com/event/owasp-global-appsec-eu-2025-123983/), May 26-30, 2025

*   [OWASP Global AppSec USA 2025 - Washington, DC](https://owasp.glueup.com/event/owasp-2025-global-appsec-usa-washington-dc-131624/), November 3-7, 2025

*   OWASP Global AppSec USA 2026 - San Francisco, CA, November 2-6, 2026

* * *

* * *

[

Edit on GitHub

](https://github.com/OWASP/owasp.github.io/blob/master/index.md)