Rules of Procedure

Branding Guidelines

Adopted by the Board on 02-12-2020.

Please note, this page is supplemental to the OWASP Foundation OWASP Word Mark and Logo Usage Guidelines. Usage requirements therein include:

  • No misrepresentation as to the meaning
  • Do not disparage
  • Notice symbols
  • Attribution
  • Do not alter
  • Use as adjective
  • No use in Company names


On this page, you will find the most current marketing materials and brand guidelines used by the OWASP Foundation.


The OWASP brand is the property of the OWASP Foundation. The right to use the name or logo is granted as long as the following guidelines are followed. The right to use the OWASP brand may be revoked at any time. The following rules make reference to the OWASP Materials, meaning any tools, documentation, or other content from OWASP.

  1. The OWASP Brand may be used to direct people to the OWASP website for information about application security.
  2. The OWASP Brand may be used in commentary about the materials found on the OWASP website.
  3. The OWASP Brand may be used by OWASP Members in good standing to acknowledge a person’s involvement in or a company’s support of OWASP.
  4. The OWASP Brand may be used to indicate that OWASP is a host or sponsor of an event.
  5. The OWASP Brand may be used in association with an application security assessment only if a complete and detailed methodology, sufficient to reproduce the results, is disclosed.
  6. The OWASP Brand must not be used in a manner that suggests that The OWASP Foundation supports, advocates, endorses, or recommends any particular product or technology.
  7. The OWASP Brand must not be used in a manner that suggests that a product or technology is compliant with any OWASP Materials.
  8. The OWASP Brand must not be used in a manner that suggests that a product or technology can enable compliance with any OWASP Materials.
  9. The OWASP Brand must not be used in any materials that could mislead readers by narrowly interpreting a broad application security category. For example, a vendor product that can find or protect against forced browsing must not claim that they address all of the access control categories.
  10. The OWASP Brand may be used by special arrangement with The OWASP Foundation.


Customization of OWASP identity graphics is a way to reflect the individual characteristics of conferences, events, chapters, and projects. The branding guidelines allow for minimal customization of identity graphics. Please see the Identity section for details. A color palette is provided in the Identity Standards Quick Reference Guide. Background images, such as a country flag to identify a local chapter, may be acceptable as long as it does not obscure the branded identity. All customized identity graphics, including logos, banners, avatars, cover photos, presentation templates, etc., must follow these guidelines.

Questionable practices include changing the circle to a square, altering the angle of the wasp feature, using non-branded wasp images, copyrighted images, and any other treatment that alters or obscures the OWASP brand. The OWASP Foundation reserves the right to request changes to any graphic that does not comply with these rules.

Statement of Non-Endorsement

OWASP does not endorse any product, services, or tools. The following disclaimer/About OWASP text can be used in projects or press releases that reference external products, services, or tools. We ask that the community look out for inappropriate uses of the OWASP brand, including the use of our name, logos, project names, and other trademark issues.

About the OWASP Foundation: The Open Worldwide Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible so that individuals and organizations worldwide can make informed decisions about true software security risks. Everyone is free to participate in OWASP, and all of our materials are available under a free and open software license. You’ll find everything about OWASP linked from our wiki and current information on our OWASP Blog. OWASP does not endorse or recommend any product or service. This allows our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.


We maintain high resolution versions of our logo on a public Google Drive. Click the link for the version of the logo you want below, and then download the format(s) you want. We provide SVG, PNG, JPG, and others.

Files are hosted from OWASP Foundation’s Google Drive. If these links do not work, contact [email protected].

OWASP Brand Guidelines 2024 PDF

OWASP® Logos

OWASP™ Logos