One of our OWASP Incubator Projects was featured in Help Net Security this week. 🎉 CVE Lite CLI, built by Sonu Kapoor, is an open-source dependency vulnerability scanner for JavaScript and TypeScript developers. It moves security checks to the developer's terminal - before code reaches CI - and returns copy-and-run fix commands instead of a list of CVE identifiers. The tool scans lockfiles locally, supports npm, pnpm, Yarn, and Bun, and works in offline and air-gapped environments. No account required. 📰 Read the full coverage: https://lnkd.in/d43Fds_S Project page: https://lnkd.in/g58x4Bya
OWASP® Foundation
Software Development
Wilmington, Delaware 297,510 followers
Every vibrant technology marketplace needs an unbiased source of information. OWASP is synonymous with AppSec.
About us
The Open Worldwide Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of software. Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work.
- Website: http://owasp.org
- Industry: Software Development
- Company size: 2-10 employees
- Headquarters: Wilmington, Delaware
- Type: Nonprofit
- Founded: 2001
Locations
- Primary: 300 Delaware Ave, Suite 210 # 384, Wilmington, Delaware 19801, US
Updates
-
OWASP® Foundation reposted this
🚀 Now available: AIUC-1 Crosswalks — OWASP Top 10 for Agentic Applications 🚀
The OWASP GenAI Security Project’s Agentic Security Initiative has published a practical new crosswalk connecting AIUC-1 with the OWASP Top 10 for Agentic Applications.
Why it matters: as AI agents move from copilots to autonomous actors, teams need a clear way to map governance, security, safety, and reliability requirements to real agentic threats. This document provides a bidirectional mapping between AIUC-1 requirements and the OWASP Agentic Top 10, helping practitioners understand coverage across risks.
Inside the document:
🔹 Bidirectional mapping between AIUC-1 requirements and OWASP agentic risks
🔹 Coverage guidance for teams already using AIUC-1
🔹 AIUC-1 control references for practitioners using the OWASP Agentic Top 10
🔹 Mapping across threats like goal hijacking, tool misuse, memory poisoning, privilege abuse, and rogue agents
🔹 Gap analysis highlighting where agentic systems need stronger controls
🔹 Practical focus areas including agent identity, runtime containment, inter-agent communication, supply chain attestation, and schema governance
A useful resource for builders, defenders, auditors, and governance teams working to secure the next generation of AI systems.
Read it here: 👉 https://lnkd.in/gqn3Vfnm
Learn more about the OWASP GenAI Security Project. Become a contributor. 👉 https://genai.owasp.org
#OWASP #GenAI #AgenticAI #AISecurity #Cybersecurity #AIgovernance #LLMSecurity #AIUC #OWASPGenAISecurity
-
OWASP® Foundation reposted this
🚨 GIVEAWAY ALERT 🚨 Three days left to win your ticket to the OWASP® Foundation Global AppSec conference in Vienna, Austria - worth €1,100! 🎟️ Given some limitations experienced over the past week, we've decided to extend the deadline by 3 days, now closing on Friday, May 29. We want to make sure the entire community has a fair opportunity to participate. All details in the original post below. 👇🏽 #Giveaway #Raffle #AppSec #InfoSec #CyberSecurity #OWASP #Vienna
🚨 GIVEAWAY ALERT 🚨
We’re excited to offer some free tickets to the OWASP® Foundation's Global AppSec EU 2026 conference in Vienna – valued at €1,100 each!
Celebrating OWASP's 25th Anniversary, this premier gathering promises to ignite your passion for AppSec with world-class keynotes, newly designed tracks, OWASP project demos, interactive PODS, and MobileAppSecCon.
How to enter:
✅ Follow our page
✅ Like & share this post
✅ Optional: Tag two colleagues for an additional entry
🗓️ Entries close in 7 days. Winners will be announced next week.
Good luck, and we hope to see you in Vienna! 🇦🇹
#Giveaway #Raffle #AppSec #InfoSec #CyberSecurity #OWASP #Austria #Vienna
-
OWASP Porto had a blast at their latest chapter meeting, celebrating our 25th anniversary in style 🎉 No celebration would be complete without cake! 🎂 #OWASP #25thanniversary #AppSec #CyberSecurity #OWASPPorto #Community
-
OWASP® Foundation reposted this
I was interviewed by Shweta Sharma at CSO Online about CVE Lite CLI, the OWASP project I created to help JavaScript and TypeScript developers catch and remediate dependency vulnerabilities earlier in the development workflow. The article captures the core idea behind the project well: As AI coding assistants speed up software development, dependency decisions are happening faster, too. That does not mean security checks should become more magical. In fact, I think the opposite is true. Some parts of security tooling should stay boring, repeatable, and auditable. That is why CVE Lite CLI keeps the actual vulnerability analysis deterministic. It scans lockfiles locally, uses OSV data, separates direct and transitive issues, provides fixed-version hints where available, and helps developers understand a practical remediation path before the problem becomes a CI failure. The goal is not to replace enterprise SCA platforms. The goal is to give developers earlier, clearer feedback at the point where dependency risk is introduced. My favourite line from the interview is still this: “I do not think AI should decide whether a CVE exists. That part needs to be boring, repeatable, and auditable.” Thank you, Shweta, for covering the project and for framing the bigger issue so clearly. Article: https://lnkd.in/e96JXDZG OWASP project: https://lnkd.in/eMCSFdJ2 #OWASP #CyberSecurity #AppSec #OpenSource #JavaScript #TypeScript #SoftwareSupplyChain #DevSecOps #AI
-
OWASP® Foundation reposted this
🚨 Reminder: Join us May 27th for the Gen AI Application Security & Risk Virtual Summit 🚨
Generative and agentic AI are changing how applications are built, deployed, and operated — but they are also expanding the attack surface in ways traditional AppSec programs were not designed to handle.
Join us virtually on Wednesday, May 27, 2026, from 11:00 AM–4:00 PM ET for the Official Cybersecurity Summit: AppSec 2026 Virtual, presented in partnership with the OWASP GenAI Security Project.
Hear from OWASP leaders, project contributors, and 20+ top companies across 3 powerful tracks on:
🔹 AI Security Governance
🔹 Threat Intel & Red Teaming
🔹 Agentic & AI Application Security
We’ll explore practical strategies for securing AI systems before risk outpaces adoption, including:
✅ GenAI and agentic AI threats such as prompt injection, tool misuse, memory manipulation, data leakage, and AI supply chain risk
✅ AI red teaming and continuous adversarial validation
✅ Secure-by-design patterns for autonomous applications
✅ AI risk governance, vendor evaluation, and regulatory alignment
✅ Real-world lessons from organizations deploying AI in production
Attendees can also earn CPE/CEU credits.
Use the OWASP GenAI Security Project Free Reg Code: CSS26-OWASP
👉 Register here: https://lnkd.in/eKJiXk_d
Learn more about the OWASP Gen AI Security Project: https://genai.owasp.org
#AppSec #GenAI #AgenticAI #AISecurity #Cybersecurity #OWASP #DevSecOps #AIRisk #ApplicationSecurity
-
We could tell you about Pavel Shukhman's talk on continuous SBOM diffing, but it’s better to hear it from the expert himself. Watch this short video to learn more about this exciting session taking place on Thursday, 25 June at OWASP Global AppSec Vienna. https://lnkd.in/erBtdTJt #OWASPVienna26 #appsec #GlobalAppSec #SBOM #opensource
-
OWASP® Foundation reposted this
🔍 How good is your security scanner — really?
Not according to a sales deck. Against a reproducible ground truth with results anyone can verify.
OWASP VulnerableApp now ships with a built-in benchmarking framework for security scanners. Run your scanner against the target app, convert the results, POST them to a single endpoint, and get:
✅ Coverage %
✅ Vulnerabilities detected
✅ Missed findings
✅ False positives
We’re building an open and reproducible benchmark for comparing security scanners — and inviting every vendor, OSS project, and research team to participate.
DAST or SAST. Commercial or open source. Research prototype or production platform.
The target runs in Docker. The framework is open. The results are public.
📖 https://lnkd.in/gYviePP
If you build or maintain a security scanner, this is your invitation. Comment below or reach out — we’ll help you benchmark your tool.
Tag a scanner team that should take the challenge 👇
#AppSec #OWASP #DAST #SAST #SecurityTesting #OpenSource
-
OWASP® Foundation reposted this
This year marks 25 years of OWASP® Foundation — 25 years of community-driven efforts to make software and the internet more secure. 🎉 From local meetups to global conferences, from open-source projects to education and awareness, OWASP has played a huge role in shaping the application security community we know today. We’re happy to celebrate this milestone together at the upcoming OWASP Porto Meet #11 – Déjà vu on May 26th, 2026. It’s a great reminder that communities built around sharing knowledge, helping others, and improving security together can create a lasting impact. A big thank you to everyone who has contributed to OWASP over the years — organizers, volunteers, speakers, sponsors, and community members. Here’s to the next 25 years of learning, collaboration, and making technology safer for everyone. 🙌 If you haven’t RSVP’d yet, make sure to secure your spot — and if your plans changed, please keep your RSVP updated so others from the community can attend. RSVP and Event Info: https://luma.com/inxsfopo #OWASP #OWASP25 #OWASPPorto #CyberSecurity #AppSec #Community
-
We are excited to be a Community Partner for the Security BSides Bangalore Annual Cybersecurity Conference 2026, in collaboration with World Wide Women in Cyber Security (w3-cs).
🎯 Security BSides Bangalore Annual Cybersecurity Conference 2026
Get ready for one of the most-awaited cybersecurity gatherings of the year!
🗓️ Date: 9th July 2026 (Thursday)
⏰ Time: 9:00 AM – 6:00 PM
📍 Location: Sheraton Grand Hotel, Whitefield, Bangalore
🎓 Trainings: July 7, 8, 10, 11 & 12
Plus, we have exclusive discount codes for The OWASP Community:
Non-Member Pass: ACSC2026OWASPNONMEMBER
Corporate Pass: ACSC2026OWASPCORPORATE
Trainings: ACSC2026OWASPTRAININGS
🔗 Register for conference: https://lnkd.in/ggDba8qi
🎟️ Register for training: https://lnkd.in/gw9AcbDK