https://github.com/jezreal-dev/owasp-evaluation

Research, install, and evaluate OWASP open-source security tools against lab environments. Document findings, share with the OWASP community, and provide guidance for organizations on tight budgets.
https://github.com/jezreal-dev/owasp-evaluation

Last synced: 11 days ago
JSON representation

Research, install, and evaluate OWASP open-source security tools against lab environments. Document findings, share with the OWASP community, and provide guidance for organizations on tight budgets.

• Host: GitHub
• URL: https://github.com/jezreal-dev/owasp-evaluation
• Owner: jezreal-dev
• License: mit
• Created: 2026-05-09T23:06:38.000Z (about 1 month ago)
• Default Branch: main
• Last Pushed: 2026-05-09T23:11:46.000Z (about 1 month ago)
• Last Synced: 2026-06-06T03:22:28.445Z (13 days ago)
• Size: 5.86 KB
• Stars: 0
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# OWASP Tools Evaluation Project

## 📌 Overview

This project explores OWASP open-source tools to evaluate their usefulness for organizations with limited budgets.  

The goal is to install, test, and document one or more OWASP tools against lab environments, mimicking real-world scenarios.

---

## 🎯 Objectives

- Research OWASP projects and select one primary tool.

- Install and configure the tool in a lab environment.

- Deploy against vulnerable applications (e.g., DVWA, Juice Shop).

- Document installation, usage, and evaluation results.

- Share findings with the OWASP community.

- Add project outcomes to portfolio/CV.

---

## 🛠️ Tools Explored

- **ThreatAtlas** — Threat modeling and visualization.  

- **CycloneDX** — Software Bill of Materials (SBOM).  

- **ZAP (Zed Attack Proxy)** — Web application security testing.  

*(Choose one to focus on deeply, others optional for comparison.)*

---

## 🧪 Lab Setup

- Environment: [e.g., Ubuntu VM, Docker containers]  

- Vulnerable apps: [DVWA, Juice Shop, custom test app]  

- Configuration details: [network setup, dependencies, etc.]  

---

## 📋 Evaluation Criteria

- Ease of installation and setup.  

- Documentation quality.  

- Accuracy of findings.  

- Usability and learning curve.  

- Integration potential (CI/CD, DevSecOps).  

---

## 📊 Results

- **Screenshots/GIFs** of tool in action.  

- Key findings (strengths, weaknesses).  

- Recommendations for organizations.  

---

## 📚 Documentation

- [Setup Guide](docs/setup.md)  

- [Evaluation Report](docs/evaluation.md)  

- [Walkthrough](docs/walkthrough.md)  

---

## 🌍 Community Engagement

- Contributions to OWASP discussions.  

- Suggested improvements to documentation.  

- Shared findings with peers.  

---

## 📌 Roadmap

- Phase 1: Research & Selection ✅  

- Phase 2: Installation & Setup ⏳  

- Phase 3: Lab Deployment ⏳  

- Phase 4: Evaluation & Documentation ⏳  

- Phase 5: Community Engagement ⏳  

- Phase 6: Stretch Goals (optional) ⏳  

---

## 📋 Project Board

Track progress and tasks on the [Project Board](https://github.com/jmomoh-source/owasp-evaluation/projects).

---

## 📌 Status

Currently focusing on **[chosen tool]** with lab deployment in progress.