OWASP® Foundation

Let's Open-Source some kindness! Make a Donation - https:// owasp.org/donate/?repona me=owasp.github.io Join your local chapter - https:// owasp.org/chapters/ Find a project to get involved with - https:// owasp.org/projects/

Open‑source 𝗗𝗼𝗰𝗸𝗦𝗲𝗰 just got featured by ReversingLabs! Security teams don’t need more noise; they need decisions. DockSec cuts CVE overload with context‑aware insights + actionable fixes. Read why it’s gaining traction → reversinglabs.com/blog/owasp-ado…

🚨 Keynote Speaker Alert! 🚨 We’re excited to welcome @hannahfoxwell@hachyderm.io, Co-founder of BIMP, to Global AppSec Vienna! Her talk dives into AI-driven developer velocity, what works, what doesn’t, and how to stay secure at speed. Don’t miss it! owasp.glueup.com/event/owasp-gl… #AI #DevOps #AppSec

🚨 Keynote Speaker Alert! 🚨 We’re excited to welcome @hannahfoxwell@hachyderm.io, Co-founder of BIMP, to Global AppSec Vienna! Her talk dives into AI-driven developer velocity, what works, what doesn’t, and how to stay secure at speed. Don’t miss it! owasp.glueup.com/event/owasp-gl… #AI #DevOps #AppSec

🎉 First PR? Get paid for it! Introducing Dollar Deletions 💵 — a special campaign only for first-time contributors. linkedin.com/posts/owasp-bl… dev.to/owaspblt/first… #DevCommunity #LinkedIn

We’re proud to be featured in the first-ever @OWASP Impact Report! 🐝 Supporting their mission and helping the community connect with #OWASP chapters and events is at the core of what we do. Read the full report below. 👇🏽 #AppSec #InfoSec #CyberSecurity

With OWASP PTK 9.8.0 and the ZAP PTK add-on 0.3.0, findings from PTK can now show up in ZAP as native Alerts. zaproxy.org/blog/2026-04-0…

BREAKING: axios Maintainer or developer, do yourself a favor and star this repo, send it to your entire dev team, and follow curated and battle-tested advice to avoid future security incidents and npm package compromise: github.com/lirantal/npm-s… I CANNOT STRESS ENOUGH

🎙️Final Call The OWASP Global AppSec USA Call for Training (CFT) is Closing April 1st! Submit your training course today and be part of the action in San Francisco this November. 👉owasp.glueup.com/event/owasp-gl… #appsec #conference #opensource #cybersecurity #training

🚨 Among the packages that rely on axios: - auth0 - alchemy-sdk - @tavily/core - @slack/web-api - aws-crt - contentful-management - @coinbase/cdp-sdk - postmark - @sap-cloud-sdk/core - fastmcp - mcp-proxy - swagger-client - wagmi - gatsby - wait-on - posthog-node

AXIOS compromise hunting in MDE: DeviceNetworkEvents | where TimeGenerated > ago(7d) | where RemoteUrl contains "sfrclak[.]com" or RemoteIP == "142.11.206.73" | sort by TimeGenerated desc

We’ve been working on something special… 🌟 Our first Impact Report is here! Real stories, real voices, real impact, all made possible by you. 📄 owasp.org/assets/files/O… We are very proud of this one. Excited for what’s next 💪❤️ #OWASP #Impactreport #community #opensource #infosec #appsec

Join Jim Manico in Vienna for a 3-day AppSec & AI Security training! Hands-on, fully customizable, YOU choose the topics, we deliver the depth. Level up fast with real-world skills 🚀 👉 owaspglobalappseceuvienna20.sched.com/event/2E71S #AppSec #AISecurity #CyberSecurity #DevSecOps

OWASP CRS v4.25.0 LTS is out! First Long-Term Support for CRS 4 — stable foundation with security patches through Q3 2027. Formal backport policy, lessons from 3.3 applied, and crslang on the horizon. coreruleset.org/20260321/annou…

🚀 Announcing OWASP VulnerableApp 2.0.0 📷 We’re excited to share that VulnerableApp-2.0.0 has just been released! 📷github.com/SasanLabs/Vuln… #OpenSource #AppSec #SecurityTesting #DevSecOps #VulnerableApp #OWASP #SasanLabs #AI #LLMSecurity

Stay ahead! Learn how OWASP SAMM helps achieve CRA compliance by turning security requirements into measurable practices, integrating them into your SDLC, and embedding continuous, risk-based security. Read: owaspsamm.org/blog/2026/02/2… #OWASP #SAMM #CyberResilienceAct #SDLC

Join Fabio Cerullo’s 3-Day Web App Security Essentials training ⚔️ Exploit real vulnerabilities, understand OWASP Top 10 (2025), and tackle modern risks like AI-generated code, all in hands-on labs. owaspglobalappseceuvienna20.sched.com/event/2EBUO #AppSec #CyberSecurity #OWASP #EthicalHacking #SecureCoding #Infosec

For the first time ever, OWASP MAScon hits OWASP Global AppSec EU 2026 in Vienna! Join top experts for cutting-edge mobile security talks, live demos & real-world insights. 🎟 Tickets: owasp.glueup.com/event/owasp-gl… 📖 Details: owaspglobalappseceuvienna20.sched.com/overview/type/… #OWASP #MobileSecurity #AppSec #MAScon #CyberSecurity

We released a new version of #OWASP #WrongSecrets with a new #AI challenge: an authorization bypass using an #MCP service account! Want to try it out? Checkout wrongsecrets.com ! Like what you see? Please 🌟 our repository github.com/OWASP/wrongsec… !

🚀 Build AI you can trust before it hits production. Join Marco Morana for a 1-day Secure-by-Design AI training. Learn to identify, test & validate threats across LLMs, chatbots & RAG. 🔍 Hands-on | 💡 Real-world | 🛠 Actionable 👉 owaspglobalappseceuvienna20.sched.com/event/2EB3i #AIsecurity #DevSecOps #OWASP

@owasplondon is celebrating our 25th Anniversary in style! Join us for talks, networking, pizza, drinks, 🎂 & 🎈 📍 Tessl AI, London (6 min from King’s Cross) 🕕 3st March | 6pm 🎤 AppSec, AI security & PKI talks 🎟️ Free (register required) 👉 eventbrite.co.uk/e/owasp-25th-a… #OWASP #AppSec #OWASP25