Discover OWASP/PHP-ESAPI Open Source project by @OWASP

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

27,397

owasp-mastg

In-depth Attack Surface Mapping and Asset Discovery

11,723

Amass

7,941

wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Dockerfile

7,242

Go-SCP

Golang Secure Coding Practices guide

4,841

Top10

Official OWASP Top 10 Document Repository

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

4,262

Nettacker

Application Security Verification Standard

3,374

ASVS

OWASP API Security Project

2,720

API-Security

Dockerfile

2,050

owasp-masvs

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

DevGuide

NodeGoat

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as a secure way to login into accounts which aims for hijacking users session by attackers.

1,857

QRLJacking

Web and mobile application security training platform

1,346

SecurityShepherd

Vulnerable app with examples showing how to not use secrets

1,338

wrongsecrets

completely ridiculous API (crAPI)

1,196

crAPI

1,100

www-project-top-ten

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

1,098

www-community

OWASP Joomla Vulnerability Scanner Project https://www.secologist.com/

1,078

joomscan

Raku

1,062

threat-dragon

An open source threat modeling tool from OWASP

A vulnerable version of Rails that follows the OWASP Top 10

915

railsgoat

Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

859

java-html-sanitizer

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

788

OWASP-VWAD

749

DevSecOpsGuideline

The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.

IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.

705

IoTGoat

689

ZSC

OWASP ZSC - Shellcode/Obfuscate Code Generator https://www.secologist.com/

Getting a handle on container security

645

Docker-Security

OWASP-WebScarab

MASTG-Hacking-Playground

574

www-project-kubernetes-top-ten

The Secure Coding Dojo is a platform for delivering secure coding knowledge.

554

SecureCodingDojo

a Damn Vulnerable Serverless Application

536

DVSA

Application Security Automation

532

glue

Ruby

522

www-project-top-10-for-large-language-model-applications

The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!

TeX

514

owasp-java-encoder

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

488

OFFAT

OWASP Honeypot, Automated Deception Framework.

457

Python-Honeypot

The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

429

www-project-web-security-testing-guide

PHP-RBAC is an authorization library for PHP. It provides developers with NIST Level 2 Standard Role Based Access Control and more, in the fastest implementation yet.

429

rbac

OWASP Foundation main site repository

423

owasp.github.io

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS

423

iGoat-Swift

406

samm

SAMM stands for Software Assurance Maturity Model.

This project is about creating and publishing threat model examples.

397

threat-model-cookbook

OWASP iGoat - A Learning Tool for iOS App Pentesting and Security by Swaroop Yermalkar

373

igoat

368

Vulnerable-Web-Application

OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber

O-Saft - OWASP SSL advanced forensic tool

345

O-Saft

Perl

344

vbscan

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

Perl

323

Serverless-Goat

OWASP ServerlessGoat: a serverless application demonstrating common serverless security flaws

The OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)

312

SecureTea-Project

The Secure Coding Framework

285

RiskAssessmentFramework

TypeScript

245

D4N155

OWASP D4N155 - Intelligent and dynamic wordlist using OSINT

Shell

223

Serverless-Top-10-Project

OWASP Serverless Top 10

210

pysap

pysap is an open source Python library that provides modules for crafting and sending packets using SAP's NI, Diag, Enqueue, Router, MS, SNC, IGS, RFC and HDB protocols.

205

www-project-ai-security-and-privacy-guide

202

www-chapter-japan

OWASP PHP Security Project - THIS PROJECT IS INACTIVE AND MAY CONTAIN SECURITY FLAWS

198

phpsec

197

json-sanitizer

Given JSON-like content, The JSON Sanitizer converts it to valid JSON.

Node application to help managing Maturity Models like the ones created by BSIMM and OpenSAMM

190

Maturity-Models

OWASP Passfault evaluates passwords and enforces password policy in a completely different way.

184

passfault

OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner.

169

ASST

OWASP IoT Security Verification Standard (ISVS)

152

IoT-Security-Verification-Standard-ISVS

TeX

133

Software-Component-Verification-Standard

Software Component Verification Standard (SCVS)

Content for OWASP Summit 2017 site

133

owasp-summit-2017

CSS

128

BLT

OWASP BLT is a bug logging tool to report issues and get points, companies are held accountable.

The OWASP Secure Headers Project

124

www-project-secure-headers

122

www-project-proactive-controls

OWASP Code Review Guide Web Repository

Shell

122

www-project-code-review-guide

SEDATED® Project (Sensitive Enterprise Data Analyzer To Eliminate Disclosure)

119

SEDATED

Shell

109

sonarqube

OWASP SonarQube Project

Dockerfile

109

raider

OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions

OWASP-Testing-Guide

OWASPWebGoatPHP

A deliberately vulnerable web application for learning web application security.

Repo to hold mapping of user-security-stories

user-security-stories

KubeLight

OWASP Kubernetes security and compliance tool [WIP]

The IoT Security Testing Guide (ISTG) provides a comprehensive methodology for penetration tests in the IoT field, offering flexibility to adapt innovations, and developments in the IoT market while still ensuring comparability of test results.

owasp-istg

www-project-mobile-top-10

www-project-webgoat

Honeypot-Project

NINJA-PingU

Desktop variant of OWASP Threat Dragon

threat-dragon-desktop

OpenCRE

OWASP Project Developer Guide - Document and Project Web pages

www-project-developer-guide

The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens

www-project-csrfguard

OWASP Machine Learning Security Top 10 Project

www-project-machine-learning-security-top-10

OWASP Zed Attack Proxy project landing page.

www-project-zap

OWASP Foundation Threat Dragon Project Web Repository

www-project-threat-dragon

OWASP Single Sign-On allows a secure-by-default self-hosted SSO experience, including phishing-proof two-factor authentication, using state-of-the-art security mechanisms.

SSO_Project

www-project-application-security-verification-standard

www-project-security-knowledge-framework

wpBullet

OWASP Foundation Project Web Repository for Secure Coding Practices Quick-reference Guide

www-project-secure-coding-practices-quick-reference-guide

OWASP Low-Code/No-Code Top 10

www-project-top-10-low-code-no-code-security-risks

www-project-top-10-ci-cd-security-risks

Container Security Verification Standard

Container-Security-Verification-Standard

The OWASP DevSecOps Guideline explains how we can implement a secure pipeline and use best practices and introduce tools that we can use in this matter. Also, the project is trying to help us promote the shift-left security culture in our development process.

www-project-devsecops-guideline

www-project-devsecops-maturity-model

www-project-juice-shop

A documentation and tracking project with the goal of making package management systems more secure.

packman

www-project-api-security

OWASP Foundation Web Repository

This is a defunct code base. The project is located at: https://github.com/WebGoat

100

WebGoat