Top 122 owasp open source projects

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Next generation web scanner

A collection of higher-level aws cdk constructs: slack-approval-workflow, #slack & msteams notifications, chatops, blue-green-container-deployment, codecommit-backup, OWASP dependency-check, contentful-webhook, github-webhook, stripe-webhook, static-website, pull-request-check, pull-request-approval-rule, codepipeline-merge-action, codepipeline-check-parameter-action...

secureCodeBox (SCB) - continuous secure delivery out of the box

IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.

This repository contains payload to test NoSQL Injections

OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.

Application Security Awareness Training

Creates CycloneDX Software Bill of Materials (SBOM) from Go modules

Security review guidelines for mobile projects

Software Bill of Material (SBOM) standard designed for use in application security contexts and supply chain component analysis

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

🔐 Shim to easily install OWASP dependency-check-cli into Python projects

Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.

Docker repository for OWTF (64-bit Kali)

Owasp Zap chart for Kubernetes

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

POC about usage of JSON Web Tokens (JWT) in a secure way.

A place for documenting threats and mitigations related to containers orchestrators (Kubernetes, Swarm etc)

Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation

Creates CycloneDX Software Bill of Materials (SBOM) from Python projects and environments.

Framework for Testing WAFs (FTW!)

Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

OWASP ZAP addon for finding vulnerabilities in JWT Implementations

Software Component Verification Standard (SCVS)

A web application that contains several unit tests for the purpose of .NET security

🧮 An online calculator to assess the risk of web vulnerabilities based on OWASP Risk Assessment

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

This is the Azure Kubernetes Service (AKS) baseline cluster for regulated workloads reference implementation as produced by the Microsoft Azure Architecture Center.

This repository for training application security.

The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

Demo - how to easily build security testing for Web App, using Zap and Glue

Deploy, update, and stage your WAFs while managing them centrally via FMS.

bWAPP latest modified for PHP7

This is the official main repository for the Assimilation project

Documentation for Essential Node.js Security

The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens

The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

No description or website provided.

Pentester's Tools Parser (PTP) provides an unified way to retrieve the information from all (final goal) automated pentesting tools and assign an automated ranking for each finding.

Test your Security Skills, and Clean Code Development as a Pythonist, Hacker & Warrior 🥷🏻

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities

Some good resources for getting started with application security

Web Application Secure Coding Handbook resource.

OWASP Zed Attack Proxy project landing page.

Machine Learning WAF Based

OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions

apache 2.x.x module, for CSRF mitigation

Integrates OWASP Zed Attack Proxy reports into SonarQube

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Additional Resources For Securing The Stack Tutorials

completely ridiculous API (crAPI)

OWASP Code Review Guide Web Repository

Run Capture the Flags and Security Trainings with OWASP Juice Shop

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

The repo contains all the slide deck that was used during my presentation at various webinars, conferences, and meetups.

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.