Top 122 owasp open source projects

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

The Secure Coding Dojo is a platform for delivering secure coding training.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

The OWASP ZAP Heads Up Display (HUD)

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

The DevSecOps toolset for REST APIs

The OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)

CSRF Protector library: standalone library for CSRF mitigation

A simple tool for interacting with OWASP ZAP from the commandline.

OWASP Honeypot, Automated Deception Framework.

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Audit tool to find common vulnerabilities in PHP source code

OWASP Cloud Security - Enabling conversations through threat and control stories

Automated Security Testing For REST API's

A .NET Core middleware for injecting the Owasp recommended HTTP Headers for increased security

In-depth Attack Surface Mapping and Asset Discovery

Sqreen's Application Security Management for the Go language

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

A collection of hacking / penetration testing resources to make you better!

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

GitBook markdown content for the eBook "Pwning OWASP Juice Shop"

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

Hacking tools

Awesome Node.js Security resources

A simple web app that helps developers understand the ASVS requirements.

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

A collection of electronic hacker magazines carefully curated over the years from multiple sources

The OWASP ZAP core project

OWASP Seraphimdroid is an open source project with aim to create, as a community, an open platform for education and protection of Android users against privacy and security threats.

Learning Penetration Testing of Android Applications

Detect root, emulation, debug mode and other security concerns in your Xamarin apps

An open source, online threat modelling tool from OWASP

Desktop variant of OWASP Threat Dragon

nodejs + express security and performance boilerplate.

Automated Penetration Testing Framework

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Ready to use images of Zap and Glue, especially for CI integration.

OWASP Threat Dragon core files

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

OWASP Joomla Vulnerability Scanner Project

OWASP WEB Directory Scanner

In-depth Attack Surface Mapping and Asset Discovery

Vulnerability Patterns Detector for C# and VB.NET

OWASP Web Application Security Testing Checklist

OWASP ZSC - Shellcode/Obfuscate Code Generator

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

OWASP ZAP Add-ons

A curated list of resources for learning about application security

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Damn Vulnerable NodeJS Application

Application Security Automation

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

Maryam: Open-source Intelligence(OSINT) Framework

Integrates Dependency-Check reports into SonarQube