
Category:OWASP Papers


Welcome to the OWASP Papers Program

In an effort to promote more in-depth work in application security, the OWASP Papers program is now accepting paper submissions. Papers submitted to the OWASP Papers program will be reviewed by a team of senior application security experts. These reviewers will provide constructive feedback on submissions in the hope of achieving a publishable-quality paper. Papers that are approved by the review team will be published on the OWASP website and will be candidates for presentation at the next OWASP AppSec conference.

A note on plagiarism

Plagiarism is representing another person's work as one's own. According to Diana Hacker, "Three acts are plagiarism: (1) failing to cite quotations and borrowed ideas, (2) failing to enclose borrowed language in quotation marks and (3) failing to put summaries and paraphrases in your own words." Plagiarism is inconsistent with OWASP's goals and will result in permanent removal of your material from our site.

To check content there are many ways - if you suspect it try

Please report suspected plagiarism to [email protected] with as many details as possible, and we will take action.

Submitting a paper

To submit a paper, please use the following template for Microsoft Word / Open Office documents. All submissions should be sent to [email protected]. By submitting a paper, you agree to having OWASP publish the paper on the OWASP website and that you will not distribute the paper via other channels. Your paper will be made available under the Creative Commons Share-Alike Attribution license.


Software Development and Information Security (Tom Neaves)
An analysis, investigation and experiment into what happens when security is treated as an add-on during development.
Effective Software Security Management PDF Version (Dharmesh Mehta)
Discusses a practical, flexible and understandable approach to aligning application security in the SDLC.
Jeopardy in Web 2.0 - The Next Generation Web PDF Version (Dharmesh Mehta)
Discusses attacks against Web 2.0 - The Next Generation Web.
Jeopardy in Web 2.0 - The Next Generation Web HTML Version (Dharmesh Mehta)
Discusses attacks against Web 2.0 - The Next Generation Web.
Document Security in Web Applications (Andres Desa)
Discusses issues with protecting data in document form, such as Word, Excel, and PDF.
