The Open Web Application Security Project (OWASP), an online community, produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.

OWASP seeks to educate developers, designers, architects and business owners about the risks associated with the most common Web application security vulnerabilities. OWASP, which supports both open source and commercial security products, has become known as a forum in which information technology professionals can network and build expertise. The organization publishes a popular Top Ten list that explains the most dangerous Web application security flaws and provides recommendations for dealing with those flaws.

OWASP tools, document and code library projects are organized into three categories, tools and documents that can be used to find security-related design and implementation flaws, tools and documents that can be used to guard against security-related design and implementation flaws and tools and documents that can be used to add security-related activities into the application lifecycle management (ALM).

The most popular things when OWASP is mention, majority of people will associate it will OWASP Top 10: 2017 (this is the latest web application security vulnerability top 10, it will keep change and evolved after few years, example OWASP Top 10: 2013), it use by lot of industry and people for cross checking to make sure their web application do not had any web application being highlight on their own web application.