79 open source projects by OWASP

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS

The Secure Coding Dojo is a platform for delivering secure coding training.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

OWASP ServerlessGoat: a serverless application demonstrating common serverless security flaws

The Secure Coding Framework

The OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)

OWASP Foundation main site repository

OWASP Honeypot, Automated Deception Framework.

This project is about creating and publishing threat model examples.

OWASP Passfault evaluates passwords and enforces password policy in a completely different way.

Official OWASP Top 10 Document Repository

Given JSON-like content, The JSON Sanitizer converts it to valid JSON.

Node application to help managing Maturity Models like the ones created by BSIMM and OpenSAMM

Content for OWASP Summit 2017 site

OWASP D4N155 - Intelligent and dynamic wordlist using OSINT

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

OWASP SonarQube Project

Application Security Verification Standard

Migrated from code.google.com to a more active public repository.

An open source, online threat modelling tool from OWASP

Desktop variant of OWASP Threat Dragon

The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.

This is a defunct code base. The project is located at: https://github.com/WebGoat

Automated Penetration Testing Framework

.NET ASP.NET Security Analyser - Consolidation of multiple ASP.NET OWASP tools

OWASP Threat Dragon core files

Web and mobile application security training platform

QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as a secure way to login into accounts which aims for hijacking users session by attackers.

A vulnerable version of Rails that follows the OWASP Top 10

OWASP API Security Project

OWASP Joomla Vulnerability Scanner Project

Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

In-depth Attack Surface Mapping and Asset Discovery

OWASP ZSC - Shellcode/Obfuscate Code Generator

OWASP WebScarab

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

Application Security Automation

OWASP Foundation Web Respository

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

PHP-RBAC is an authorization library for PHP. It provides developers with NIST Level 2 Standard Role Based Access Control and more, in the fastest implementation yet.

Go programming language secure coding practices guide

Getting a handle on container security

OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually exploitable, it’s a fair test for any kind of vulnerability detection tool. For more details on this project, please see the OWASP Benchmark Project home page.

a Damn Vulnerable Serverless Application

The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!

O-Saft - OWASP SSL advanced forensic tool

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner