| layout | title | tags | level | type | pitch |
|---|---|---|---|---|---|
col-sidebar |
OWASP Developer Guide |
dev-guide, developer guide |
2 |
documentation |
The Developer Guide allows businesses, developers, designers and solution architects to produce secure web applications. If done from the earliest stages, secure applications cost about the same to develop as insecure applications, but are far more cost effective in the long run. |
{% assign dev_file = site.static_files | where: "name", "devsite.txt" %} {% if dev_file.size > 0 %} {% assign site_base_url = '/' %} {% else %} {% assign site_base_url = site.github.url | replace: 'owasp.github.io','owasp.org' | replace: 'http:https://', 'https://' %} {% endif %}
<style type="text/css"> .image-right { height: 180px; display: block; margin-left: auto; margin-right: auto; float: right; } </style>
{: .image-right }
The OWASP Developer Guide provides an introduction to security concepts and a handy reference for application and system developers. This guide does not seek to replicate the many excellent sources on specific security topics; it rarely tries to go into detail on a subject and instead provides links for greater depth on these security topics. The content of the Developer Guide aims to be accessible, introducing practical security concepts and providing enough detail to get developers started on various OWASP tools and documents.
The intended audience of the Developer Guide is application developers working in various domains such as web, desktop, mobile, API and cloud.
Along with the OWASP Top Ten, the Developer Guide is one of the original resources published soon after OWASP was formed in 2001. Version 1.0 of the Developer Guide was released in 2002 and then there were various releases up to version 2.0 in 2005. After discussions and iterations throughout 2023 and 2024, the Developer Guide has now been updated for the modern security landscape using contributions from the wider application security community.
Periodically the draft version is tagged and the contents promoted to the release area of the Developer Guide. The draft version is a work in progress and is subject to large scale and frequent changes.
Contributions and suggestions are all welcome, we just ask that you follow our code of conduct and read the contributing guidelines which provide style and document structure suggestions. We also welcome new issues, changes via a pull request and discussions in the project wiki.
The easiest way to get in contact with the development community for this documentation project is via the OWASP Slack #project-developer-guide project channel (you may need to subscribe first).
OWASP Developer Guide: accessible security for developers