OWASP.

Explore the world of cyber security.

OWASP

Summary

OWASP is the global nonprofit behind the standards the entire software industry trusts — the OWASP Top 10, ASVS, the Cheat Sheet Series, and hundreds of community projects. We delivered a complete web redesign and ground-up rebuild, migrating their sprawling enterprise site — 1,300+ pages, 300+ chapters, and 2.5M+ monthly visitors — off legacy infrastructure and onto an all-new, high-performance Next.js and Supabase platform. Beyond the rebuild, we hardened the platform through full penetration-test remediation, moved global delivery onto the Cloudflare CDN, and built an internal community layer with member profiles, groups, and events managed entirely in-house — eliminating OWASP's dependence on Meetup. The result is a faster, safer, and far more connected home for OWASP's worldwide community, fully owned end to end.

Tech Stack

  • Next.js
  • React
  • MDX
  • Cloudflare CDN
  • Supabase
  • PostgreSQL
  • Auth / SSO
  • Custom CMS

Length of Project

Multi-phase engagement (2024–2025).

Focus Areas

  • Full Web Redesign & Rebuild
  • Web Platform Engineering
  • Security & Pen Test Remediation
  • Edge Infrastructure
  • Backend & Data Platform
  • Community & Membership Product
  • Groups & Events Platform
  • Large-Scale Content Migration

Engagement

A full web redesign and ground-up rebuild: enterprise migration, security remediation, edge infrastructure, backend, community product, an internal groups & events platform, and large-scale content migration.

Built for Impact

OWASP security and pen test remediation dashboard showing findings tracker, remediation progress, and closed-vulnerability trend

Security & Pen Test Remediation

For the organization that defines application security, the bar is uncompromising. We worked through penetration-test findings end to end — triaging by severity, remediating vulnerabilities, and hardening the platform against the OWASP Top 10. Combined with a Cloudflare web application firewall and secure-by-default patterns, the site now practices the standards OWASP publishes to the rest of the world.

OWASP edge infrastructure diagram: Global Users to Cloudflare CDN to Next.js App to Supabase (Postgres, Auth, Realtime, Storage)

Edge Infrastructure & Backend

We re-architected delivery around the edge. Cloudflare CDN caches and protects traffic globally for sub-second load times, while a Supabase backend — Postgres, authentication, real-time, and storage — powers everything dynamic behind a fast Next.js application. It is an enterprise-grade stack that scales to millions of monthly visitors without the operational weight of legacy infrastructure.

OWASP community platform showing member profiles, activity feed, and joined chapters — a social network for application security

Member Profiles & Community

OWASP is, above all, a community. We built a membership and community layer — user accounts, rich member profiles, chapter affiliations, and a real-time activity feed — that functions like a social network purpose-built for application security. Members create profiles, connect with peers, and plug into the chapters shaping AppSec worldwide, all powered by the Supabase backend.

OWASP internal Groups & Events platform with event cards, RSVPs, and chapter management — replacing Meetup

Groups & Events — Goodbye Meetup

OWASP previously leaned on Meetup to run its global calendar of chapter meetings and events. We brought all of it in-house: members now discover groups, join chapters, and RSVP to in-person, online, and hybrid events directly on the OWASP platform. Organizers manage their own groups and events with no third-party tools, no external fees, and full ownership of their community data.

OWASP platform-at-scale overview: 1,300+ pages, 300+ chapters, 2.5M+ monthly visitors, and project cards

Platform at Scale

Modernizing a knowledge base this large is its own engineering challenge. We migrated and rebuilt 1,300+ pages and 300+ chapter sites — from the OWASP Top 10 and ASVS to the Cheat Sheet Series and hundreds of community projects — into a consistent, content-driven system with an instant command-palette search that makes the entire library navigable in a keystroke.

Key stats

1,300+ Pages

Rebuilt and migrated across owasp.org and its subdomains onto a unified, high-performance platform.

300+ Global Chapters

Local OWASP chapters worldwide brought into a single, consistent, and easily maintainable system.

Pen Test Findings Remediated

Vulnerabilities surfaced by penetration testing were triaged and closed, with the platform hardened against the OWASP Top 10.

2.5M+ Monthly Visitors

An enterprise-scale audience migrated to an all-new Next.js + Supabase platform with no loss of traffic, served with sub-second delivery through the Cloudflare CDN.

Meetup Eliminated

Groups, chapters, and events are now created, managed, and hosted entirely inside the OWASP platform — removing the need for third-party tools like Meetup.

Lighthouse 99+

Performance, accessibility, and best-practice scores held at 99+ across the platform.

The platform

A closer look at the experience.

OWASP global command-palette search across projects and chapters

Instant command-palette search across 1,300+ pages.

OWASP Community create-account and onboarding screen

Member onboarding into the OWASP community platform.

OWASP Application Security Verification Standard (ASVS) project page

Consistent project templates across the entire catalog.

How it works

The build.

01

Harden & Remediate

We started from a security-first posture: working through penetration-test findings, closing vulnerabilities by severity, and hardening against the OWASP Top 10. A Cloudflare WAF and secure-by-default patterns keep the platform defensible at the edge.

02

Move to the Edge

Global delivery was rebuilt on the Cloudflare CDN, caching and protecting traffic worldwide so 2.5M+ monthly visitors get sub-second performance regardless of location, while the Next.js application stays fast under load.

03

Stand Up the Backend

A Supabase backend provides Postgres data, authentication, real-time updates, and storage — the foundation for accounts, profiles, and community features without the overhead of running bespoke infrastructure.

04

Build the Community Layer

On top of that backend we shipped member profiles, chapter affiliations, and a real-time activity feed — a social experience tailored to application-security practitioners, connecting OWASP's global membership in one place.

05

Bring Groups & Events In-House

We replaced OWASP's reliance on Meetup with a native groups-and-events system — discovery, RSVPs, and chapter management for in-person, online, and hybrid events — giving OWASP full ownership of its community engagement and data.

06

Migrate at Scale

Finally, we migrated and rebuilt 1,300+ pages and 300+ chapter sites into a unified, content-driven system with command-palette search — turning a sprawling knowledge base into a fast, consistent, and maintainable platform.

Next project

Feature

Feature
Feature

Antimatter AI, © 2026. All rights reserved.