OWASP Projects

Projects, along with Global Conferences and Local Chapters, are the cornerstone of the OWASP organization.

We want to provide a fostering environment for new ideas and energetic project leaders; however, our global consumers depend on OWASP to provide dependable, quality projects.

Our OWASP Project Stages represent a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality.

Our lifecycle stages allow consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state.

The greater the maturity of the project, the greater the level of responsibility for the project leader.

These responsibilities are not trivial as OWASP provides incentives and benefits for projects who take on these added responsibilities.

Project Categories

Projects are divided into 4 main categories:

  • Code Library

  • Documentation

  • Research

  • Tool

Project Lifecycle

The OWASP Project Lifecycle is broken down into the following stages:

Stage 1 –> Incubator
Stage 2 –> Labs
Stage 3 –> Flagship

New Project Requirements

At a minimum, all OWASP projects MUST have all of the following:

  • Project Name

  • Project Leader Name

  • Project Leader Email address

  • Project Overview

  • Project Purpose

  • Project License

  • Project Roadmap

  • Project links (if any) to external sites

  • Project Leader wiki account (the username needed to edit the OWASP wiki)

  • Project Contributor(s) (if any, and for each one: name, email, OWASP wiki account (if any)

  • Project Main Links (if any)

  • For Documentation: A table of Contents

  • For Code: A prototype hosted in an open source repository of your choice. Make sure it has read access

Once you have passed the Project Ideas phase, then you will be ready to start a new project.

To Submit your project proposal please use the new project application:


The goal of an OWASP Project is to create a concrete deliverable that furthers the OWASP mission.