Every vibrant technology marketplace needs an unbiased source of information on best practices as well as an active body advocating open standards. In the Application Security space, one of those groups is the Open Web Application Security Project (or OWASP for short). OWASP operates as a non-profit and is not affiliated with any technology company, which means it is in a unique position to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies and other organizations worldwide. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security. All of its articles, methodologies and technologies are made available free of charge to the public. OWASP maintains roughly 100 local chapters and counts thousands of members. OWASP was started in 2001 and has operated since 2004 as the 501(c)(3) charitable OWASP Foundation which supports its infrastructure and projects. Its leadership is completely volunteer and makes decisions about technical direction, project priorities, schedule, and releases. OWASP has only three employees to keep its operating costs low. OWASP collects corporate and individual membership dues and conference fees to award grants each year to promising AppSec research projects. OWASP projects fall into two basic categories: development projects and documentation projects. Some of the foundation's more influential work includes:
OWASP hosts a number of global, regional and local events under the AppSec Conference banner. This important organization would tell any information security professional that the best way to understand the community’s mision is to become involved.