OWASP
OrganizationThe OWASP Foundation
On the leaderboard
| Rank | Repository | Stars |
|---|---|---|
| 953 | OWASP/CheatSheetSeries | 32,034 |
Top repositories by stars
- OWASP/CheatSheetSeries(on leaderboard)
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Python31,375 - OWASP/mastg
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.
Python12,725 - OWASP/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
8,851 - OWASP/Top10
Official OWASP Top 10 Document Repository
HTML5,263 - OWASP/Go-SCP
Golang Secure Coding Practices guide
Go5,252 - OWASP/Nettacker
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
Python4,838 - OWASP/ASVS
Application Security Verification Standard
HTML3,337 - OWASP/masvs
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
Python2,333 - OWASP/API-Security
OWASP API Security Project
Dockerfile2,242 - OWASP/DevGuide
The OWASP Developer Guide
2,140 - OWASP/NodeGoat
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
HTML2,013 - OWASP/QRLJacking
QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as a secure way to login into accounts which aims for hijacking users session by attackers.
Python1,507 - OWASP/SecurityShepherd
Web and mobile application security training platform
Java1,424 - OWASP/crAPI
completely ridiculous API (crAPI)
Java1,420 - OWASP/wrongsecrets
Vulnerable app with examples showing how to not use secrets
Java1,394 - OWASP/www-project-top-ten
OWASP Foundation Web Respository
HTML1,345 - OWASP/www-community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
HTML1,324 - OWASP/threat-dragon
An open source threat modeling tool from OWASP
JavaScript1,319 - OWASP/joomscan
OWASP Joomla Vulnerability Scanner Project https://www.secologist.com/
Raku1,169 - OWASP/pytm
A Pythonic framework for threat modeling
Python1,104 - OWASP/www-project-top-10-for-large-language-model-applications
OWASP Top 10 for Large Language Model Apps (Part of the GenAI Security Project)
Python1,083 - OWASP/DevSecOpsGuideline
The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.
Python1,025 - OWASP/java-html-sanitizer
Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.
Java931 - OWASP/railsgoat
A vulnerable version of Rails that follows the OWASP Top 10
HTML910 - OWASP/OWASP-VWAD
:warning: This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory
883 - OWASP/IoTGoat
IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.
C863 - OWASP/Docker-Security
Getting a handle on container security
Dockerfile675 - OWASP/OFFAT
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
Python659 - OWASP/ZSC
OWASP ZSC - Shellcode/Obfuscate Code Generator https://www.secologist.com/
Python653 - OWASP/www-project-ai-testing-guide
OWASP Foundation web repository
Python647 - OWASP/owasp.github.io
OWASP Foundation main site repository
HTML630 - OWASP/OWASP-WebScarab
OWASP WebScarab
Java617 - OWASP/www-project-kubernetes-top-ten
OWASP Foundation Web Respository
HTML600 - OWASP/SecureCodingDojo
The Secure Coding Dojo is a platform for delivering secure coding knowledge.
PHP594 - OWASP/www-project-web-security-testing-guide
The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.
HTML558 - OWASP/DVSA
a Damn Vulnerable Serverless Application
JavaScript542 - OWASP/owasp-java-encoder
The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!
Java532 - OWASP/glue
Application Security Automation
Ruby526 - OWASP/Python-Honeypot
OWASP Honeypot, Automated Deception Framework.
Python476 - OWASP/igoat
OWASP iGoat - A Learning Tool for iOS App Pentesting and Security by Swaroop Yermalkar
C454 - OWASP/iGoat-Swift
OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
C450 - OWASP/rbac
PHP-RBAC is an authorization library for PHP. It provides developers with NIST Level 2 Standard Role Based Access Control and more, in the fastest implementation yet.
PHP434 - OWASP/threat-model-cookbook
This project is about creating and publishing threat model examples.
Python428 - OWASP/Vulnerable-Web-Application
OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber
PHP403 - OWASP/samm
SAMM stands for Software Assurance Maturity Model.
JavaScript398 - OWASP/O-Saft
O-Saft - OWASP SSL advanced forensic tool
Perl384 - OWASP/Nest
Your gateway to OWASP. Discover, engage, and help shape the future!
Python378 - OWASP/www-project-ai-security-and-privacy-guide
OWASP Foundation Web Respository
HTML350 - OWASP/Serverless-Goat
OWASP ServerlessGoat: a serverless application demonstrating common serverless security flaws
Python328 - OWASP/vbscan
OWASP VBScan is a Black Box vBulletin Vulnerability Scanner
Perl328 - OWASP/SecureTea-Project
The OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)
JavaScript303 - OWASP/RiskAssessmentFramework
The Secure Coding Framework
TypeScript271 - OWASP/D4N155
OWASP D4N155 - Intelligent and dynamic wordlist using OSINT
Shell266 - OWASP/pysap
pysap is an open source Python library that provides modules for crafting and sending packets using SAP's NI, Diag, Enqueue, Router, MS, SNC, IGS, RFC and HDB protocols.
Python242 - OWASP/www-chapter-japan
OWASP Foundation Web Respository
HTML232 - OWASP/Serverless-Top-10-Project
OWASP Serverless Top 10
217 - OWASP/json-sanitizer
Given JSON-like content, The JSON Sanitizer converts it to valid JSON.
Java215 - OWASP/phpsec
OWASP PHP Security Project - THIS PROJECT IS INACTIVE AND MAY CONTAIN SECURITY FLAWS
199 - OWASP/Maturity-Models
Node application to help managing Maturity Models like the ones created by BSIMM and OpenSAMM
JavaScript195 - OWASP/www-project-secure-headers
The OWASP Secure Headers Project
Python186 - OWASP/ASST
OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner.
JavaScript183 - OWASP/passfault
OWASP Passfault evaluates passwords and enforces password policy in a completely different way.
JavaScript177 - OWASP/www-project-proactive-controls
OWASP Foundation Web Respository
Shell165 - OWASP/Software-Component-Verification-Standard
Software Component Verification Standard (SCVS)
Python155 - OWASP/IoT-Security-Verification-Standard-ISVS
OWASP IoT Security Verification Standard (ISVS)
TeX148 - OWASP/www-project-code-review-guide
OWASP Code Review Guide Web Repository
HTML148 - OWASP/OWASPWebGoatPHP
A deliberately vulnerable web application for learning web application security.
PHP148 - Python141
- OWASP/owasp-summit-2017
Content for OWASP Summit 2017 site
CSS129 - OWASP/user-security-stories
Repo to hold mapping of user-security-stories
120 - OWASP/www-project-developer-guide
OWASP Project Developer Guide - Document and Project Web pages
HTML115 - OWASP/owasp-istg
The IoT Security Testing Guide (ISTG) provides a comprehensive methodology for penetration tests in the IoT field, offering flexibility to adapt innovations, and developments in the IoT market while still ensuring comparability of test results.
Python113 - OWASP/SEDATED
SEDATED® Project (Sensitive Enterprise Data Analyzer To Eliminate Disclosure)
Shell112 - OWASP/sonarqube
OWASP SonarQube Project
Dockerfile112 - OWASP/OWASP-Testing-Guide
OWASP Testing Guide
111 - OWASP/KubeLight
OWASP Kubernetes security and compliance tool [WIP]
Python108 - OWASP/www-project-zap
OWASP Zed Attack Proxy project landing page.
HTML108 - Python102
- OWASP/www-project-top-10-ci-cd-security-risks
OWASP Foundation Web Respository
HTML101 - OWASP/raider
OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions
Python101 - OWASP/cornucopia
The source files and tools needed to build the OWASP Cornucopia decks in various languages
Python98 - OWASP/www-project-webgoat
OWASP Foundation Web Respository
HTML98 - OWASP/AppSec-Browser-Bundle
The OWASP AppSec Browser Bundle is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more.
JavaScript98 - OWASP/www-project-machine-learning-security-top-10
OWASP Machine Learning Security Top 10 Project
HTML96 - OWASP/SafeNuGet
MsBuild task to warn about insecure NuGet libraries
C#96 - OWASP/www-project-juice-shop
OWASP Foundation Web Respository
HTML93 - OWASP/www-project-csrfguard
The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens
Java91 - OWASP/www-project-threat-dragon
OWASP Foundation Threat Dragon Project Web Repository
HTML88 - OWASP/www-project-application-security-verification-standard
OWASP Foundation Web Respository
HTML87 - OWASP/www-project-devsecops-guideline
The OWASP DevSecOps Guideline explains how we can implement a secure pipeline and use best practices and introduce tools that we can use in this matter. Also, the project is trying to help us promote the shift-left security culture in our development process.
HTML82 - OWASP/SSO_Project
OWASP Single Sign-On allows a secure-by-default self-hosted SSO experience, including phishing-proof two-factor authentication, using state-of-the-art security mechanisms.
JavaScript78 - OWASP/www-project-vulnerable-web-applications-directory
The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
JavaScript78 - OWASP/threat-dragon-desktop
Desktop variant of OWASP Threat Dragon
77 - Python77
- OWASP/www-project-citizen-development-top10-security-risks
OWASP Citizen Development Top 10
HTML74 - OWASP/www-project-automated-threats-to-web-applications
OWASP Foundation Web Respository
HTML74 - OWASP/WebGoat.NET
OWASP WebGoat.NET
C#73 - OWASP/www-project-secure-coding-practices-quick-reference-guide
OWASP Foundation Project Web Repository for Secure Coding Practices Quick-reference Guide
HTML72