OWASP (Open Web Application Security Project) is a nonprofit organization that provides freely available resources for web application security. Its best-known project is the OWASP Top 10, a regularly updated list of the most critical web application security risks. OWASP also offers guides such as the Testing Guide, the Application Security Verification Standard (ASVS), and numerous open-source tools (e.g., ZAP Proxy). For your ISMS under ISO 27001 Annex A.8.25 through A.8.28, OWASP provides the practical foundation for secure development processes and security testing. Many organizations use the OWASP Top 10 as a minimum requirement in their development guidelines.