Juice Shop Ctf - Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
Insider - Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, analyzing source code to find vulnerabilities directly in it. It is designed to be agile and easy to implement inside your DevOps pipeline. Supports the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and JavaScript (Node.js).
Securecodingdojo - The Secure Coding Dojo is a platform for delivering secure coding training.
Wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Zap Hud - The OWASP ZAP Heads Up Display (HUD)
Fdsploit - File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Sbt Dependency Check - SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Apicheck - The DevSecOps toolset for REST APIs
Securetea Project - The OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)
Zap Cli - A simple tool for interacting with OWASP ZAP from the command line.
Bluemonday - bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
Phpvuln - Audit tool to find common vulnerabilities in PHP source code
Owasp Cloud Security - OWASP Cloud Security: Enabling conversations through threat and control stories
Astra - Automated Security Testing For REST APIs
Owaspheaders.core - A .NET Core middleware for injecting the OWASP recommended HTTP Headers for increased security
Amass - In-depth Attack Surface Mapping and Asset Discovery
Go Agent - Sqreen's Application Security Management for the Go language
Owasp Orizon - OWASP Orizon is a source code static analyzer tool designed to spot security issues in Java applications.
Django Defectdojo - DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
Find Sec Bugs - The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)
Securityrat - OWASP SecurityRAT (version 1.x): Tool for handling security requirements in development
Owtf - Offensive Web Testing Framework (OWTF) is a framework which tries to unite great tools and make pen testing more efficient. http://owtf.org https://twitter.com/owtfp
Asvs - A simple web app that helps developers understand the ASVS requirements.
Themis - Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
Mobile Security Framework Mobsf - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Hacker ezines - A collection of electronic hacker magazines carefully curated over the years from multiple sources
Owasp Seraphimdroid - OWASP Seraphimdroid is an open source project with the aim of creating, as a community, an open platform for education and protection of Android users against privacy and security threats.
Breachdetector - Detect root, emulation, debug mode and other security concerns in your Xamarin apps
Threat Dragon - An open source, online threat modelling tool from OWASP
Nettacker - Automated Penetration Testing Framework
Blackwidow - A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Dependency Track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Joomscan - OWASP Joomla Vulnerability Scanner Project
Zsc - OWASP ZSC: Shellcode/Obfuscate Code Generator
Owasp Vwad - The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well-maintained registry of all known vulnerable web applications currently available.
Awesome Appsec - A curated list of resources for learning about application security
Juice Shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Dvna - Damn Vulnerable NodeJS Application
Glue - Application Security Automation
Www Community - OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
Maryam - Maryam: Open-source Intelligence (OSINT) Framework