OWASP/OWASP-VWAD

Stars
749
Rank 60,575 (Top 2 %)
Language
License
Apache License 2.0
Created about 11 years ago
Updated over 1 year ago

OWASP/OWASP-VWAD

OWASP

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

OWASP-VWAD

The OWASP Vulnerable Web Applications Directory Project (VWAD, https://owasp.org/www-project-vulnerable-web-applications-directory/) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

The individual collections are available via separate tabs on: https://owasp.org/www-project-vulnerable-web-applications-directory/

Editing Process

Just open a PR modifying the JSON file.

Please keep the file sorted by name. You can use this online tool to assist you: https://codeshack.io/json-sorter/. Entries should conform to the schema and are validated automatically during PR handling. You can also use this online service to check before submitting.

Since 20200331 they are automatically copied/deployed to the www-project-vulnerable-web-applications-directory repo, from which they are rendered on the owasp.org website.

CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

Amass

In-depth Attack Surface Mapping and Asset Discovery

wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Go-SCP

Golang Secure Coding Practices guide

Top10

Official OWASP Top 10 Document Repository

Nettacker

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

ASVS

Application Security Verification Standard

API-Security

OWASP API Security Project

owasp-masvs

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

DevGuide

The OWASP Guide

NodeGoat

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

QRLJacking

QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as a secure way to login into accounts which aims for hijacking users session by attackers.

SecurityShepherd

Web and mobile application security training platform

wrongsecrets

Vulnerable app with examples showing how to not use secrets

crAPI

completely ridiculous API (crAPI)

www-project-top-ten

OWASP Foundation Web Respository

www-community

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

joomscan

OWASP Joomla Vulnerability Scanner Project https://www.secologist.com/

threat-dragon

An open source threat modeling tool from OWASP

railsgoat

A vulnerable version of Rails that follows the OWASP Top 10

java-html-sanitizer

Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

DevSecOpsGuideline

The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.

IoTGoat

IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.

ZSC

OWASP ZSC - Shellcode/Obfuscate Code Generator https://www.secologist.com/

Docker-Security

Getting a handle on container security

OWASP-WebScarab

OWASP WebScarab

MASTG-Hacking-Playground

www-project-kubernetes-top-ten

OWASP Foundation Web Respository

SecureCodingDojo

The Secure Coding Dojo is a platform for delivering secure coding knowledge.

DVSA

a Damn Vulnerable Serverless Application

glue

Application Security Automation

www-project-top-10-for-large-language-model-applications

OWASP Foundation Web Respository

owasp-java-encoder

The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!

OFFAT

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

Python-Honeypot

OWASP Honeypot, Automated Deception Framework.

www-project-web-security-testing-guide

The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

rbac

PHP-RBAC is an authorization library for PHP. It provides developers with NIST Level 2 Standard Role Based Access Control and more, in the fastest implementation yet.

owasp.github.io

OWASP Foundation main site repository

iGoat-Swift

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS

samm

SAMM stands for Software Assurance Maturity Model.

threat-model-cookbook

This project is about creating and publishing threat model examples.

igoat

OWASP iGoat - A Learning Tool for iOS App Pentesting and Security by Swaroop Yermalkar

Vulnerable-Web-Application

OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber

O-Saft

O-Saft - OWASP SSL advanced forensic tool

vbscan

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

Serverless-Goat

OWASP ServerlessGoat: a serverless application demonstrating common serverless security flaws

SecureTea-Project

The OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)

RiskAssessmentFramework

The Secure Coding Framework

D4N155

OWASP D4N155 - Intelligent and dynamic wordlist using OSINT

Serverless-Top-10-Project

OWASP Serverless Top 10

pysap

pysap is an open source Python library that provides modules for crafting and sending packets using SAP's NI, Diag, Enqueue, Router, MS, SNC, IGS, RFC and HDB protocols.

www-project-ai-security-and-privacy-guide

OWASP Foundation Web Respository

www-chapter-japan

OWASP Foundation Web Respository

phpsec

OWASP PHP Security Project - THIS PROJECT IS INACTIVE AND MAY CONTAIN SECURITY FLAWS

json-sanitizer

Given JSON-like content, The JSON Sanitizer converts it to valid JSON.

Maturity-Models

Node application to help managing Maturity Models like the ones created by BSIMM and OpenSAMM

passfault

OWASP Passfault evaluates passwords and enforces password policy in a completely different way.

ASST

OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner.

IoT-Security-Verification-Standard-ISVS

OWASP IoT Security Verification Standard (ISVS)

Software-Component-Verification-Standard

Software Component Verification Standard (SCVS)

owasp-summit-2017

Content for OWASP Summit 2017 site

BLT

OWASP BLT is a bug logging tool to report issues and get points, companies are held accountable.

www-project-secure-headers

The OWASP Secure Headers Project

www-project-proactive-controls

OWASP Foundation Web Respository

www-project-code-review-guide

OWASP Code Review Guide Web Repository

SEDATED

SEDATED® Project (Sensitive Enterprise Data Analyzer To Eliminate Disclosure)

sonarqube

OWASP SonarQube Project

raider

OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions

OWASP-Testing-Guide

OWASP Testing Guide

OWASPWebGoatPHP

A deliberately vulnerable web application for learning web application security.

user-security-stories

Repo to hold mapping of user-security-stories

KubeLight

OWASP Kubernetes security and compliance tool [WIP]

owasp-istg

The IoT Security Testing Guide (ISTG) provides a comprehensive methodology for penetration tests in the IoT field, offering flexibility to adapt innovations, and developments in the IoT market while still ensuring comparability of test results.

www-project-mobile-top-10

www-project-webgoat

OWASP Foundation Web Respository

Honeypot-Project

NINJA-PingU

threat-dragon-desktop

Desktop variant of OWASP Threat Dragon

OpenCRE

www-project-developer-guide

OWASP Project Developer Guide - Document and Project Web pages

www-project-csrfguard

The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens

www-project-machine-learning-security-top-10

OWASP Machine Learning Security Top 10 Project

www-project-zap

OWASP Zed Attack Proxy project landing page.

www-project-threat-dragon

OWASP Foundation Threat Dragon Project Web Repository

SSO_Project

OWASP Single Sign-On allows a secure-by-default self-hosted SSO experience, including phishing-proof two-factor authentication, using state-of-the-art security mechanisms.

www-project-application-security-verification-standard

OWASP Foundation Web Respository

PHP-ESAPI

Migrated from code.google.com to a more active public repository.

www-project-security-knowledge-framework

OWASP Foundation Web Respository

wpBullet

www-project-secure-coding-practices-quick-reference-guide

OWASP Foundation Project Web Repository for Secure Coding Practices Quick-reference Guide

www-project-top-10-low-code-no-code-security-risks

OWASP Low-Code/No-Code Top 10

www-project-top-10-ci-cd-security-risks

OWASP Foundation Web Respository

Container-Security-Verification-Standard

Container Security Verification Standard

www-project-devsecops-guideline

The OWASP DevSecOps Guideline explains how we can implement a secure pipeline and use best practices and introduce tools that we can use in this matter. Also, the project is trying to help us promote the shift-left security culture in our development process.

www-project-devsecops-maturity-model

OWASP Foundation Web Respository

www-project-juice-shop

OWASP Foundation Web Respository

packman

A documentation and tracking project with the goal of making package management systems more secure.

www-project-api-security

OWASP Foundation Web Repository

WebGoat

This is a defunct code base. The project is located at: https://github.com/WebGoat