1. Igoat SwiftOWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
3. WstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
4. Serverless GoatOWASP ServerlessGoat: a serverless application demonstrating common serverless security flaws
6. Securetea ProjectThe OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)
10. PassfaultOWASP Passfault evaluates passwords and enforces password policy in a completely different way.
11. Top10Official OWASP Top 10 Document Repository
13. Maturity ModelsNode application to help managing Maturity Models like the ones created by BSIMM and OpenSAMM
15. D4n155OWASP D4N155 - Intelligent and dynamic wordlist using OSINT
16. NodegoatThe OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
19. AsvsApplication Security Verification Standard
20. Php EsapiMigrated from code.google.com to a more active public repository.
23. Owasp MasvsThe Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.
24. WebgoatThis is a defunct code base. The project is located at: https://github.com/WebGoat
26. Dotnet ansa.NET ASP.NET Security Analyser - Consolidation of multiple ASP.NET OWASP tools
29. Qrljacking QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as a secure way to login into accounts which aims for hijacking users session by attackers.
30. RailsgoatA vulnerable version of Rails that follows the OWASP Top 10
33. Java Html SanitizerTakes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.
34. AmassIn-depth Attack Surface Mapping and Asset Discovery
35. ZscOWASP ZSC - Shellcode/Obfuscate Code Generator
37. Owasp VwadThe OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
40. Www CommunityOWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
41. RbacPHP-RBAC is an authorization library for PHP. It provides developers with NIST Level 2 Standard Role Based Access Control and more, in the fastest implementation yet.
42. Go ScpGo programming language secure coding practices guide
44. BenchmarkOWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually exploitable, it’s a fair test for any kind of vulnerability detection tool. For more details on this project, please see the OWASP Benchmark Project home page.
45. Dvsaa Damn Vulnerable Serverless Application
47. Owasp Java EncoderThe OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!
49. O SaftO-Saft - OWASP SSL advanced forensic tool
50. VbscanOWASP VBScan is a Black Box vBulletin Vulnerability Scanner