Denim Group has been acquired by Coalfire. Learn More>>

Denim Group Donates Sprajax, the First AJAX Code Security Scanner, to Open Web Application Security Project (OWASP)

Denim Group Ltd., a market leader of web-application security consulting and training, today announced its donation of Sprajax, an open source security scanner for AJAX, to the non-profit Open Web Application Security Project (OWASP).

Sprajax, a Microsoft .Net-based application developed by Denim Group, is the first web security scanner developed specifically to scan AJAX web applications for security vulnerabilities. Since its release via the Denim Group website in May this year, there have been over 2,500 downloads of the application and numerous online discussion threads.

“Denim Group is committed to furthering the field of application security,” said Dan Cornell, principal of Denim Group, “and by donating Sprajax to OWASP, we intend to generate more discussion around security vulnerabilities within AJAX applications. Providing the tool under the OWASP banner will make it more visible within the application security community. We saw a need for a product in the industry and took it upon ourselves to begin work on the project. Moving forward, the larger user base and development base provided by the association with OWASP will ultimately strengthen and enhance this tool.”

“Securing AJAX technology is a new challenge for the application security community,” said Jeff Williams, chairman of OWASP. “Denim Group’s contribution and leadership role in the OWASP Sprajax project will help developers worldwide produce more secure AJAX applications.”

Sprajax is available for immediate download from the OWASP website


OWASP was formed in 2000 and has almost 5,000 members and 73 chapters globally. The OWASP foundation is a non-profit organization made up of all-volunteer participants. OWASP’s mission is to find and fight the causes of insecure software. OWASP enables organizations to develop, maintain, and purchase applications that they can trust through the development of free, open, and unbiased application security documentation, tools, chapters, and conferences. More information is available at