Project Talks


What are the OWASP Project Talks?

The OWASP Project Talks give project leaders an opportunity to showcase their project progress and announce new project activity. This year, we have ten projects participating in the AppSec USA 2013 Project Talks. More information about each project can be found below.

Do I need to purchase a Full Conference Pass to attend the OWASP Project Talks and Project Summit?

No! We want these activities to be open to the community to attend and participate – so if you can’t afford a full conference pass or aren’t interested in attending the main conference talk sessions (in the Ballroom), but DO want to participate in the Project Talks, Project Summit and other activities such as the CTF, Career Fair, Lockpick Village, and Exhibit Hall: Register for FREE for the “Expo and Career Fair Only Pass” and use the following discount code at checkout: NYC13_SUMMIT

What OWASP Projects will be giving talks at AppSec USA this year?

This year we have ten projects participating in the OWASP Project Talks event module.

OWASP AppSensor

The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into an existing application. Efforts are underway to create the AppSensor tool, which can be used by any existing application interested in adding detection and response capabilities. Learn more about OWASP AppSensor here.

OWASP Code Review Guide

The Code Review Guide focuses on secure code reviews and tools that aim to support the developer community. Such an activity is very powerful as it gives the developer community a place to start regarding secure application development. Learn more about the OWASP Code Review Guide here.

OWASP Development Guide

The Development Guide is aimed at architects, developers, consultants and auditors and is a comprehensive manual for designing, developing and deploying secure Web Applications and Web Services. The OWASP Developer Guide 2013 aims to shift the focus of the content from countermeasures and weaknesses to secure software engineering. Learn more about the OWASP Development Guide here.

The OWASP Education Projects

The OWASP Education project is meant to centralize all educational initiatives of OWASP. The project will not deliver education material as such, but define standards and guidelines on education material. Furthermore, this project aims to create an easy entrance towards understanding application security and usage of the OWASP tooling. By creating education documentation papers, screen scrape video courses, and setting up an OWASP Boot camp, a controlled education process of a standardized quality can be created continuously.

Initiatives of the OWASP Education Project are:


  • OWASP Academies
  • OWASP Academy Portal
  • OWASP University Outreach
  • OWASP Student Chapter


OWASP Enterprise Security API

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. Learn more about OWASP ESAPI here.

OWASP O2 Project

The O2 platform represents a new paradigm for how to perform, document, and distribute Web Application security reviews. O2 is designed to Automate Application Security Knowledge and Workflows, and to Allow non-security experts to access and consume Security Knowledge. Learn more about the OWASP O2 Project here.


OWASP Open SAMM

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM was defined with flexibility in mind such that it can be utilized by small, medium, and large organizations using any style of development. Learn more about OWASP Open SAMM here.

OWASP Security Principles Project

The OWASP Security Principles Project aims to distil the fundamentals of security into a set of concise principles that must be present in any system throughout the requirements, architecture, development, testing, and implementation of that system. Learn more about the OWASP Security Principles Project here.

OWASP Testing Guide

This project’s goal is to create a “best practices” web application penetration testing framework which users can implement in their own organizations. Contributors of this project are currently writing Version 4 of the guide, and are actively seeking authors. Learn more about the OWASP Testing Guide here.

OWASP Zed Attack Proxy (ZAP)

The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Learn more about OWASP ZAP here.