Projects in Awesome Lists by OWASP
A curated list of projects in awesome lists by OWASP.
https://github.com/owasp/cheatsheetseries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
application-security appsec best-practices cheatsheets code owasp security
Last synced: 26 Feb 2025
https://github.com/OWASP/CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
application-security appsec best-practices cheatsheets code owasp security
Last synced: 12 Mar 2025
https://github.com/OWASP/owasp-mstg
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.
android android-application compliancy-checklist dynamic-analysis hacking ios ios-app mast mastg mobile-app mobile-security mstg network-analysis pentesting reverse-engineering reverse-enginnering runtime-analysis static-analysis testing-cryptography
Last synced: 17 Aug 2025
https://github.com/owasp/owasp-mastg
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
android android-application compliancy-checklist dynamic-analysis hacking ios ios-app mast mastg mobile-app mobile-security mstg network-analysis pentesting reverse-engineering reverse-enginnering runtime-analysis static-analysis testing-cryptography
Last synced: 14 May 2025
https://github.com/OWASP/owasp-mastg
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
android android-application compliancy-checklist dynamic-analysis hacking ios ios-app mast mastg mobile-app mobile-security mstg network-analysis pentesting reverse-engineering reverse-enginnering runtime-analysis static-analysis testing-cryptography
Last synced: 19 Mar 2025
https://github.com/OWASP/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
application-security appsec best-practices bugbounty guide hacking hacktoberfest owasp penetration-testing pentesting security
Last synced: 30 Mar 2025
https://github.com/owasp/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
application-security appsec best-practices bugbounty guide hacking hacktoberfest owasp penetration-testing pentesting security
Last synced: 26 Mar 2025
https://github.com/owasp/nettacker
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
automation bruteforce cve hacking-tools information-gathering network-security owasp penetration-testing penetration-testing-framework pentesting pentesting-tools portscanner python recon scanner security security-tools vulnerability-management vulnerability-scanner vulnerability-scanners
Last synced: 12 May 2025
https://github.com/OWASP/Nettacker
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
automation bruteforce cve cves hacking-tools information-gathering network-analysis owasp penetration-testing penetration-testing-framework pentesting pentesting-tools portscanner python scanner security security-tools vulnerability-management vulnerability-scanner vulnerability-scanners
Last synced: 23 Mar 2025
https://github.com/OWASP/masvs
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
android-app audit gitbook ios-app mastg masvs mobile mstg owasp penetration-testing penetration-tests security security-audit security-standards standard verification
Last synced: 18 Jul 2025
https://github.com/owasp/api-security
OWASP API Security Project
api documentation-portal owasp-top security web-api
Last synced: 28 Jul 2025
https://github.com/OWASP/owasp-masvs
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
android-app audit gitbook ios-app mastg masvs mobile mstg owasp penetration-testing penetration-tests security security-audit security-standards standard verification
Last synced: 26 Mar 2025
https://github.com/OWASP/API-Security
OWASP API Security Project
api documentation-portal owasp-top security web-api
Last synced: 13 Mar 2025
https://github.com/owasp/nodegoat
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
docker heroku javascript nodegoat nodejs owasp-top-ten owasp-zap vulnerabilities
Last synced: 11 Apr 2025
https://github.com/OWASP/NodeGoat
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
docker heroku javascript nodegoat nodejs owasp-top-ten owasp-zap vulnerabilities
Last synced: 12 Mar 2025
https://github.com/owasp/qrljacking
QRLJacking, or Quick Response Code Login Jacking, is a simple-but-nasty attack vector affecting all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts. It aims to hijack users' sessions.
Last synced: 15 May 2025
https://github.com/OWASP/QRLJacking
QRLJacking, or Quick Response Code Login Jacking, is a simple-but-nasty attack vector affecting all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts. It aims to hijack users' sessions.
Last synced: 26 Mar 2025
https://github.com/owasp/crapi
completely ridiculous API (crAPI)
api apisecurity hacktoberfest owasp
Last synced: 15 Dec 2025
https://github.com/owasp/securityshepherd
Web and mobile application security training platform
Last synced: 02 Apr 2025
https://github.com/OWASP/SecurityShepherd
Web and mobile application security training platform
Last synced: 26 Mar 2025
https://github.com/owasp/wrongsecrets
Vulnerable app with examples showing how to not use secrets
aws azure ctf devsecops docker gcp hashicorp-vault java keepass kubernetes owasp secrets secrets-management security terraform-aws terraform-azure terraform-gcp vault vulnerable-web-app
Last synced: 14 May 2025
https://github.com/OWASP/wrongsecrets
Vulnerable app with examples showing how to not use secrets
aws azure ctf devsecops docker gcp hashicorp-vault java keepass kubernetes owasp secrets secrets-management security terraform-aws terraform-azure terraform-gcp vault vulnerable-web-app
Last synced: 01 Apr 2025
https://github.com/owasp/www-community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
appsec community-project owasp
Last synced: 14 May 2025
https://github.com/owasp/www-project-top-ten
OWASP Foundation Web Repository
Last synced: 23 Mar 2025
https://github.com/owasp/joomscan
OWASP Joomla Vulnerability Scanner Project https://www.secologist.com/
0day exploit joomla joomla-cms joomscan owasp scanner vulnerability-scanners vunerability
Last synced: 15 May 2025
https://github.com/OWASP/joomscan
OWASP Joomla Vulnerability Scanner Project https://www.secologist.com/
0day exploit joomla joomla-cms joomscan owasp scanner vulnerability-scanners vunerability
Last synced: 24 Mar 2025
https://github.com/OWASP/crAPI
completely ridiculous API (crAPI)
api apisecurity hacktoberfest owasp
Last synced: 16 Mar 2025
https://github.com/OWASP/pytm
A Pythonic framework for threat modeling
data-flow-diagram dataflow dfd diagram pythonic-framework secure-development sequence-diagram threat-modeling threat-modeling-from-code threats
Last synced: 18 Oct 2025
https://github.com/owasp/java-html-sanitizer
Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.
Last synced: 29 Apr 2025
https://github.com/owasp/railsgoat
A vulnerable version of Rails that follows the OWASP Top 10
appsec owasp-top rails ruby ruby-on-rails security vulnerabilities
Last synced: 11 Apr 2025
https://github.com/OWASP/railsgoat
A vulnerable version of Rails that follows the OWASP Top 10
appsec owasp-top rails ruby ruby-on-rails security vulnerabilities
Last synced: 16 Mar 2025
https://github.com/OWASP/OWASP-VWAD
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well-maintained registry of all known vulnerable web applications currently available.
appsec owasp vulnerable vulnerable-web-app vulnerable-web-application
Last synced: 22 Apr 2025
https://github.com/owasp/owasp-vwad
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well-maintained registry of all known vulnerable web applications currently available.
appsec owasp vulnerable vulnerable-web-app vulnerable-web-application
Last synced: 02 Apr 2025
https://github.com/OWASP/threat-dragon
An open source threat modeling tool from OWASP
owasp owasp-threat-dragon sdlc threat-dragon threat-modeling
Last synced: 01 Apr 2025
https://github.com/OWASP/DevSecOpsGuideline
The OWASP DevSecOps Guideline can help us embed security as a part of the development pipeline.
devsecops owasp security shift-left
Last synced: 18 Jul 2025
https://github.com/OWASP/IoTGoat
IoTGoat is deliberately insecure firmware created to educate software developers and security professionals in testing commonly found vulnerabilities in IoT devices.
embedded-linux firmware firmware-security iot-security iot-security-testing openwrt owasp vulnerability-challenges
Last synced: 22 Apr 2025
https://github.com/owasp/zsc
OWASP ZSC - Shellcode/Obfuscate Code Generator https://www.secologist.com/
assembly linux obfuscator osx owasp python shellcode windows
Last synced: 16 May 2025
https://github.com/OWASP/ZSC
OWASP ZSC - Shellcode/Obfuscate Code Generator https://www.secologist.com/
assembly linux obfuscator osx owasp python shellcode windows
Last synced: 10 May 2025
https://github.com/OWASP/OFFAT
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
api-hacking api-rest api-security api-security-testing offat owasp
Last synced: 10 May 2025
https://github.com/OWASP/Docker-Security
Getting a handle on container security
Last synced: 20 Mar 2025
https://github.com/OWASP/SecureCodingDojo
The Secure Coding Dojo is a platform for delivering secure coding knowledge.
owasp secure-coding training-portal
Last synced: 09 Mar 2025
https://github.com/OWASP/www-project-kubernetes-top-ten
OWASP Foundation Web Repository
Last synced: 12 Apr 2025
https://github.com/OWASP/www-project-top-10-for-large-language-model-applications
OWASP Foundation Web Repository
Last synced: 16 Apr 2025
https://github.com/owasp/owasp-java-encoder
The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!
Last synced: 02 Apr 2025
https://github.com/OWASP/rbac
PHP-RBAC is an authorization library for PHP. It provides developers with NIST Level 2 Standard Role Based Access Control and more, in the fastest implementation yet.
Last synced: 08 May 2025
https://github.com/owasp/igoat
OWASP iGoat - A Learning Tool for iOS App Pentesting and Security by Swaroop Yermalkar
Last synced: 13 Mar 2025
https://github.com/OWASP/igoat
OWASP iGoat - A Learning Tool for iOS App Pentesting and Security by Swaroop Yermalkar
Last synced: 07 May 2025
https://github.com/OWASP/Python-Honeypot
OWASP Honeypot, Automated Deception Framework.
cybersecurity deception honeynet honeypot informationsecurity infosec owasp security
Last synced: 01 Apr 2025
https://github.com/OWASP/iGoat-Swift
OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
insecure-data-storage ios-security ios-swift ipa owasp-igoat owasp-top-10 runtime-security
Last synced: 07 May 2025
https://github.com/OWASP/threat-model-cookbook
This project is about creating and publishing threat model examples.
appsec threat-model threat-modeling threat-modelling threat-models
Last synced: 18 Apr 2025
https://github.com/OWASP/samm
SAMM stands for Software Assurance Maturity Model.
maturity-models owasp-samm security
Last synced: 01 Apr 2025
https://github.com/owasp/o-saft
O-Saft - OWASP SSL advanced forensic tool
certificate ciphers perl ssl tls
Last synced: 15 May 2025
https://github.com/OWASP/O-Saft
O-Saft - OWASP SSL advanced forensic tool
certificate ciphers perl ssl tls
Last synced: 07 Apr 2025
https://github.com/OWASP/vbscan
OWASP VBScan is a Black Box vBulletin Vulnerability Scanner
exploit owasp vbscan vbulletin vulnerability vulnerability-scanners
Last synced: 02 Apr 2025
https://github.com/OWASP/Serverless-Goat
OWASP ServerlessGoat: a serverless application demonstrating common serverless security flaws
Last synced: 23 Mar 2025
https://github.com/OWASP/SecureTea-Project
The OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)
antivirus firewall intrusion-detection-system local-web-deface-detection owasp owasp-securetea waf webapplicationfirewall
Last synced: 29 Apr 2025
https://github.com/OWASP/RiskAssessmentFramework
The Secure Coding Framework
devsecops owasp-raf secure-coding static-application-security-tool
Last synced: 12 Jul 2025
https://github.com/OWASP/www-chapter-japan
OWASP Foundation Web Repository
Last synced: 26 Mar 2025
https://github.com/owasp/json-sanitizer
Given JSON-like content, the JSON Sanitizer converts it to valid JSON.
Last synced: 12 Apr 2025
https://github.com/OWASP/pysap
pysap is an open source Python library that provides modules for crafting and sending packets using SAP's NI, Diag, Enqueue, Router, MS, SNC, IGS, RFC and HDB protocols.
Last synced: 22 Apr 2025
https://github.com/OWASP/ASST
OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner.
asst cybersecurity owasp owasp-top-10 security-assesment-security-tools security-assessments security-audit security-hardening security-testing vulnerability-assessment vulnerability-detection vulnerability-scanner vulnerability-scanners web-vulnerability-scanner web-vulnerability-scanners
Last synced: 30 Mar 2025
https://github.com/OWASP/Software-Component-Verification-Standard
Software Component Verification Standard (SCVS)
best-practices cscrm open-source owasp scrm scvs software-supply-chain supply-chain
Last synced: 07 May 2025
https://github.com/OWASP/owasp-summit-2017
Content for OWASP Summit 2017 site
Last synced: 04 May 2025
https://github.com/OWASP/OWASPWebGoatPHP
A deliberately vulnerable web application for learning web application security.
Last synced: 16 Nov 2025
https://github.com/OWASP/SEDATED
SEDATED® Project (Sensitive Enterprise Data Analyzer To Eliminate Disclosure)
Last synced: 01 Apr 2025
https://github.com/OWASP/KubeLight
OWASP Kubernetes security and compliance tool [WIP]
cis compliance containers cve-scanning devsecops docker kubernetes kubernetes-security nsa owasp pci-dss python sbom scanner security security-tools vulnerability-management
Last synced: 10 May 2025
https://github.com/OWASP/raider
OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions
authentication authorization finite-state-machine fsm hy hylang lisp owasp python raiderauth security
Last synced: 08 May 2025
https://github.com/owasp/www-project-csrfguard
The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens
csrf csrf-protection hacktoberfest java maven owasp security security-tools
Last synced: 15 May 2025
https://github.com/OWASP/www-project-zap
OWASP Zed Attack Proxy project landing page.
appsec appsec-testing owasp vulnerability-assessment vulnerability-scanner zap
Last synced: 15 Apr 2025
https://github.com/owasp/nest
Your gateway to OWASP. Discover, engage, and help shape the future!
chakra-ui django django-rest-framework graphql gsoc gsoc-2025 gsoc2025 k8s kubernetes python react rest typescript typescript-react
Last synced: 03 Jan 2026
https://github.com/OWASP/Container-Security-Verification-Standard
Container Security Verification Standard
Last synced: 30 Apr 2025
https://github.com/OWASP/www-project-ai-maturity-assessment
OWASP Foundation web repository
Last synced: 21 Aug 2025
https://github.com/OWASP/www-project-integration-standards
OWASP Foundation Web Repository
Last synced: 11 Jul 2025
https://github.com/owasp/benchmark
The OWASP Benchmark GitHub repo has moved to: https://github.com/OWASP-Benchmark/BenchmarkJava
Last synced: 02 Apr 2025
https://github.com/OWASP/Benchmark
The OWASP Benchmark GitHub repo has moved to: https://github.com/OWASP-Benchmark/BenchmarkJava
Last synced: 10 May 2025
https://github.com/owasp/nest-schema
OWASP Schema
json-schema mkdocs owasp owasp-nest python schema yaml-schema
Last synced: 19 Sep 2025