owasp.github.io
OWASP Foundation main site repository
The website is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

owasp-mastg
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

Amass
In-depth Attack Surface Mapping and Asset Discovery

wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Go-SCP
Golang Secure Coding Practices guide

Top10
Official OWASP Top 10 Document Repository

Nettacker
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

ASVS
Application Security Verification Standard

DevGuide
The OWASP Guide

API-Security
OWASP API Security Project

owasp-masvs
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

NodeGoat
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

QRLJacking
QRLJacking, or Quick Response Code Login Jacking, is a simple-but-nasty attack vector affecting all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts; it aims at hijacking users' sessions.

SecurityShepherd
Web and mobile application security training platform

wrongsecrets
Vulnerable app with examples showing how to not use secrets

www-project-top-ten
OWASP Foundation Web Repository

joomscan
OWASP Joomla Vulnerability Scanner Project https://www.secologist.com/

crAPI
completely ridiculous API (crAPI)

www-community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

railsgoat
A vulnerable version of Rails that follows the OWASP Top 10

threat-dragon
An open source threat modeling tool from OWASP

java-html-sanitizer
Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

OWASP-VWAD
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

DevSecOpsGuideline
The OWASP DevSecOps Guideline can help us embed security as a part of the development pipeline.

ZSC
OWASP ZSC - Shellcode/Obfuscate Code Generator https://www.secologist.com/

IoTGoat
IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.

Docker-Security
Getting a handle on container security

OWASP-WebScarab
OWASP WebScarab

www-project-kubernetes-top-ten
OWASP Foundation Web Repository

MASTG-Hacking-Playground

DVSA
A Damn Vulnerable Serverless Application

glue
Application Security Automation

owasp-java-encoder
The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!

SecureCodingDojo
The Secure Coding Dojo is a platform for delivering secure coding knowledge.

rbac
PHP-RBAC is an authorization library for PHP. It provides developers with NIST Level 2 Standard Role Based Access Control and more, in the fastest implementation yet.

Python-Honeypot
OWASP Honeypot, Automated Deception Framework.

samm
SAMM stands for Software Assurance Maturity Model.

iGoat-Swift
OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS

www-project-web-security-testing-guide
The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

www-project-top-10-for-large-language-model-applications
OWASP Foundation Web Repository

threat-model-cookbook
This project is about creating and publishing threat model examples.

igoat
OWASP iGoat - A Learning Tool for iOS App Pentesting and Security by Swaroop Yermalkar

O-Saft
O-Saft - OWASP SSL advanced forensic tool

Vulnerable-Web-Application
OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber

vbscan
OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

Serverless-Goat
OWASP ServerlessGoat: a serverless application demonstrating common serverless security flaws

SecureTea-Project
The OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)

RiskAssessmentFramework
The Secure Coding Framework

pysap
pysap is an open source Python library that provides modules for crafting and sending packets using SAP's NI, Diag, Enqueue, Router, MS, SNC, IGS, RFC and HDB protocols.

Serverless-Top-10-Project
OWASP Serverless Top 10

phpsec
OWASP PHP Security Project - THIS PROJECT IS INACTIVE AND MAY CONTAIN SECURITY FLAWS

json-sanitizer
Given JSON-like content, the JSON Sanitizer converts it to valid JSON.

D4N155
OWASP D4N155 - Intelligent and dynamic wordlist using OSINT

www-chapter-japan
OWASP Foundation Web Repository

Maturity-Models
Node application to help manage Maturity Models like the ones created by BSIMM and OpenSAMM

www-project-ai-security-and-privacy-guide
OWASP Foundation Web Repository

passfault
OWASP Passfault evaluates passwords and enforces password policy in a completely different way.

OFFAT
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

ASST
OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner.

IoT-Security-Verification-Standard-ISVS
OWASP IoT Security Verification Standard (ISVS)

Software-Component-Verification-Standard
Software Component Verification Standard (SCVS)

owasp-summit-2017
Content for OWASP Summit 2017 site

BLT
OWASP BLT is a bug logging tool to report issues and get points; companies are held accountable.

www-project-secure-headers
The OWASP Secure Headers Project

SEDATED
SEDATED® Project (Sensitive Enterprise Data Analyzer To Eliminate Disclosure)

sonarqube
OWASP SonarQube Project

www-project-code-review-guide
OWASP Code Review Guide Web Repository

www-project-proactive-controls
OWASP Foundation Web Repository

raider
OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions

OWASP-Testing-Guide
OWASP Testing Guide

OWASPWebGoatPHP
A deliberately vulnerable web application for learning web application security.

user-security-stories
Repo to hold mapping of user-security-stories

KubeLight
OWASP Kubernetes security and compliance tool [WIP]

Honeypot-Project

www-project-webgoat
OWASP Foundation Web Repository

NINJA-PingU

threat-dragon-desktop
Desktop variant of OWASP Threat Dragon

www-project-mobile-top-10

owasp-istg
The IoT Security Testing Guide (ISTG) provides a comprehensive methodology for penetration tests in the IoT field, offering flexibility to adapt innovations and developments in the IoT market while still ensuring comparability of test results.

www-project-csrfguard
The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens

SSO_Project
OWASP Single Sign-On allows a secure-by-default self-hosted SSO experience, including phishing-proof two-factor authentication, using state-of-the-art security mechanisms.

www-project-zap
OWASP Zed Attack Proxy project landing page.

PHP-ESAPI
Migrated from code.google.com to a more active public repository.

www-project-security-knowledge-framework
OWASP Foundation Web Repository

wpBullet

www-project-top-10-low-code-no-code-security-risks
OWASP Low-Code/No-Code Top 10

www-project-threat-dragon
OWASP Foundation Threat Dragon Project Web Repository

www-project-top-10-ci-cd-security-risks
OWASP Foundation Web Repository

www-project-application-security-verification-standard
OWASP Foundation Web Repository

www-project-machine-learning-security-top-10
OWASP Machine Learning Security Top 10 Project

Container-Security-Verification-Standard
Container Security Verification Standard

OpenCRE

www-project-developer-guide
OWASP Project Developer Guide - Document and Project Web pages

www-project-secure-coding-practices-quick-reference-guide
OWASP Foundation Project Web Repository for Secure Coding Practices Quick-reference Guide

www-project-devsecops-guideline
The OWASP DevSecOps Guideline explains how we can implement a secure pipeline and use best practices and introduce tools that we can use in this matter. Also, the project is trying to help us promote the shift-left security culture in our development process.

www-project-devsecops-maturity-model
OWASP Foundation Web Repository

www-project-juice-shop
OWASP Foundation Web Repository

packman
A documentation and tracking project with the goal of making package management systems more secure.

www-project-api-security
OWASP Foundation Web Repository

WebGoat
This is a defunct code base. The project is located at: https://github.com/WebGoat