OWASP

Top repositories by stars

• OWASP/CheatSheetSeries(on leaderboard)

  The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

  Python31,375
• OWASP/mastg

  The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.

  Python12,725
• OWASP/wstg

  The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

  8,851
• OWASP/Top10

  Official OWASP Top 10 Document Repository

  HTML5,263
• OWASP/Go-SCP

  Golang Secure Coding Practices guide

  Go5,252
• OWASP/Nettacker

  Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

  Python4,838
• OWASP/ASVS

  Application Security Verification Standard

  HTML3,337
• OWASP/masvs

  The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

  Python2,333
• OWASP/API-Security

  OWASP API Security Project

  Dockerfile2,242
• OWASP/DevGuide

  The OWASP Developer Guide

  2,140
• OWASP/NodeGoat

  The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

  HTML2,013
• OWASP/QRLJacking

  QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as a secure way to login into accounts which aims for hijacking users session by attackers.

  Python1,507
• OWASP/SecurityShepherd

  Web and mobile application security training platform

  Java1,424
• OWASP/crAPI

  completely ridiculous API (crAPI)

  Java1,420
• OWASP/wrongsecrets

  Vulnerable app with examples showing how to not use secrets

  Java1,394
• OWASP/www-project-top-ten

  OWASP Foundation Web Respository

  HTML1,345
• OWASP/www-community

  OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

  HTML1,324
• OWASP/threat-dragon

  An open source threat modeling tool from OWASP

  JavaScript1,319
• OWASP/joomscan

  OWASP Joomla Vulnerability Scanner Project https://www.secologist.com/

  Raku1,169
• OWASP/pytm

  A Pythonic framework for threat modeling

  Python1,104
• OWASP/www-project-top-10-for-large-language-model-applications

  OWASP Top 10 for Large Language Model Apps (Part of the GenAI Security Project)

  Python1,083
• OWASP/DevSecOpsGuideline

  The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.

  Python1,025
• OWASP/java-html-sanitizer

  Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

  Java931
• OWASP/railsgoat

  A vulnerable version of Rails that follows the OWASP Top 10

  HTML910
• OWASP/OWASP-VWAD

  :warning: This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory

  883
• OWASP/IoTGoat

  IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.

  C863
• OWASP/Docker-Security

  Getting a handle on container security

  Dockerfile675
• OWASP/MASTG-Hacking-Playground

  Java661
• OWASP/OFFAT

  The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

  Python659
• OWASP/ZSC

  OWASP ZSC - Shellcode/Obfuscate Code Generator https://www.secologist.com/

  Python653
• OWASP/www-project-ai-testing-guide

  OWASP Foundation web repository

  Python647
• OWASP/owasp.github.io

  OWASP Foundation main site repository

  HTML630
• OWASP/OWASP-WebScarab

  OWASP WebScarab

  Java617
• OWASP/www-project-kubernetes-top-ten

  OWASP Foundation Web Respository

  HTML600
• OWASP/SecureCodingDojo

  The Secure Coding Dojo is a platform for delivering secure coding knowledge.

  PHP594
• OWASP/www-project-web-security-testing-guide

  The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

  HTML558
• OWASP/DVSA

  a Damn Vulnerable Serverless Application

  JavaScript542
• OWASP/owasp-java-encoder

  The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!

  Java532
• OWASP/glue

  Application Security Automation

  Ruby526
• OWASP/Python-Honeypot

  OWASP Honeypot, Automated Deception Framework.

  Python476
• OWASP/igoat

  OWASP iGoat - A Learning Tool for iOS App Pentesting and Security by Swaroop Yermalkar

  C454
• OWASP/iGoat-Swift

  OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS

  C450
• OWASP/rbac

  PHP-RBAC is an authorization library for PHP. It provides developers with NIST Level 2 Standard Role Based Access Control and more, in the fastest implementation yet.

  PHP434
• OWASP/threat-model-cookbook

  This project is about creating and publishing threat model examples.

  Python428
• OWASP/Vulnerable-Web-Application

  OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber

  PHP403
• OWASP/samm

  SAMM stands for Software Assurance Maturity Model.

  JavaScript398
• OWASP/O-Saft

  O-Saft - OWASP SSL advanced forensic tool

  Perl384
• OWASP/Nest

  Your gateway to OWASP. Discover, engage, and help shape the future!

  Python378
• OWASP/www-project-ai-security-and-privacy-guide

  OWASP Foundation Web Respository

  HTML350
• OWASP/Serverless-Goat

  OWASP ServerlessGoat: a serverless application demonstrating common serverless security flaws

  Python328
• OWASP/vbscan

  OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

  Perl328
• OWASP/SecureTea-Project

  The OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)

  JavaScript303
• OWASP/RiskAssessmentFramework

  The Secure Coding Framework

  TypeScript271
• OWASP/D4N155

  OWASP D4N155 - Intelligent and dynamic wordlist using OSINT

  Shell266
• OWASP/pysap

  pysap is an open source Python library that provides modules for crafting and sending packets using SAP's NI, Diag, Enqueue, Router, MS, SNC, IGS, RFC and HDB protocols.

  Python242
• OWASP/www-chapter-japan

  OWASP Foundation Web Respository

  HTML232
• OWASP/Serverless-Top-10-Project

  OWASP Serverless Top 10

  217
• OWASP/json-sanitizer

  Given JSON-like content, The JSON Sanitizer converts it to valid JSON.

  Java215
• OWASP/phpsec

  OWASP PHP Security Project - THIS PROJECT IS INACTIVE AND MAY CONTAIN SECURITY FLAWS

  199
• OWASP/Maturity-Models

  Node application to help managing Maturity Models like the ones created by BSIMM and OpenSAMM

  JavaScript195
• OWASP/www-project-secure-headers

  The OWASP Secure Headers Project

  Python186
• OWASP/ASST

  OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner.

  JavaScript183
• OWASP/passfault

  OWASP Passfault evaluates passwords and enforces password policy in a completely different way.

  JavaScript177
• OWASP/www-project-proactive-controls

  OWASP Foundation Web Respository

  Shell165
• OWASP/Software-Component-Verification-Standard

  Software Component Verification Standard (SCVS)

  Python155
• OWASP/IoT-Security-Verification-Standard-ISVS

  OWASP IoT Security Verification Standard (ISVS)

  TeX148
• OWASP/www-project-code-review-guide

  OWASP Code Review Guide Web Repository

  HTML148
• OWASP/OWASPWebGoatPHP

  A deliberately vulnerable web application for learning web application security.

  PHP148
• OWASP/OpenCRE

  Python141
• OWASP/owasp-summit-2017

  Content for OWASP Summit 2017 site

  CSS129
• OWASP/user-security-stories

  Repo to hold mapping of user-security-stories

  120
• OWASP/www-project-developer-guide

  OWASP Project Developer Guide - Document and Project Web pages

  HTML115
• OWASP/owasp-istg

  The IoT Security Testing Guide (ISTG) provides a comprehensive methodology for penetration tests in the IoT field, offering flexibility to adapt innovations, and developments in the IoT market while still ensuring comparability of test results.

  Python113
• OWASP/SEDATED

  SEDATED® Project (Sensitive Enterprise Data Analyzer To Eliminate Disclosure)

  Shell112
• OWASP/sonarqube

  OWASP SonarQube Project

  Dockerfile112
• OWASP/OWASP-Testing-Guide

  OWASP Testing Guide

  111
• OWASP/www-project-mobile-top-10

  HTML110
• OWASP/KubeLight

  OWASP Kubernetes security and compliance tool [WIP]

  Python108
• OWASP/www-project-zap

  OWASP Zed Attack Proxy project landing page.

  HTML108
• OWASP/Honeypot-Project

  Python102
• OWASP/www-project-top-10-ci-cd-security-risks

  OWASP Foundation Web Respository

  HTML101
• OWASP/raider

  OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions

  Python101
• OWASP/cornucopia

  The source files and tools needed to build the OWASP Cornucopia decks in various languages

  Python98
• OWASP/www-project-webgoat

  OWASP Foundation Web Respository

  HTML98
• OWASP/AppSec-Browser-Bundle

  The OWASP AppSec Browser Bundle is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more.

  JavaScript98
• OWASP/www-project-machine-learning-security-top-10

  OWASP Machine Learning Security Top 10 Project

  HTML96
• OWASP/SafeNuGet

  MsBuild task to warn about insecure NuGet libraries

  C#96
• OWASP/www-project-juice-shop

  OWASP Foundation Web Respository

  HTML93
• OWASP/www-project-csrfguard

  The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens

  Java91
• OWASP/www-project-threat-dragon

  OWASP Foundation Threat Dragon Project Web Repository

  HTML88
• OWASP/www-project-application-security-verification-standard

  OWASP Foundation Web Respository

  HTML87
• OWASP/www-project-devsecops-guideline

  The OWASP DevSecOps Guideline explains how we can implement a secure pipeline and use best practices and introduce tools that we can use in this matter. Also, the project is trying to help us promote the shift-left security culture in our development process.

  HTML82
• OWASP/SSO_Project

  OWASP Single Sign-On allows a secure-by-default self-hosted SSO experience, including phishing-proof two-factor authentication, using state-of-the-art security mechanisms.

  JavaScript78
• OWASP/www-project-vulnerable-web-applications-directory

  The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

  JavaScript78
• OWASP/threat-dragon-desktop

  Desktop variant of OWASP Threat Dragon

  77
• OWASP/NINJA-PingU

  Python77
• OWASP/www-project-citizen-development-top10-security-risks

  OWASP Citizen Development Top 10

  HTML74
• OWASP/www-project-automated-threats-to-web-applications

  OWASP Foundation Web Respository

  HTML74
• OWASP/WebGoat.NET

  OWASP WebGoat.NET

  C#73
• OWASP/www-project-secure-coding-practices-quick-reference-guide

  OWASP Foundation Project Web Repository for Secure Coding Practices Quick-reference Guide

  HTML72