Project Leaders


Flagship Projects

Projects that have demonstrated strategic value to OWASP and application security as a whole


Tool Projects

OWASP Amass

An advanced open source tool to help information security professionals perform network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques!

OWASP CSRFGuard

More info soon…

OWASP Defectdojo

The leading open source application vulnerability management tool built for DevOps and continuous security integration.

OWASP Dependency-Check

Dependency-Check is a Software Composition Analysis (SCA) tool suite that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities.

OWASP Dependency-Track

Intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.

OWASP Juice Shop

Probably the most modern and sophisticated insecure web application for security trainings, awareness demos and CTFs. Also great voluntary guinea pig for your security tools and DevSecOps pipelines!

OWASP Maryam

OWASP Maryam is an Open-Source intelligence(OSINT) and Web-Based Footprinting optional/modular framwork based on Recon-ng core and written in Python. If you have Skill in OWASP Maryam is a modular/optional open source framework based on OSINT and data gathering. Maryam is written in Python programming language and It’s designed to provide a powerful environment to harvest data from open sources and search engines and collect data quickly and thoroughly. If you have skill in Metasploit or Recon-ng, you can easily use it without prerequisites and if not, it’s easy to use.

OWASP OWTF

Offensive Web Testing Framework (OWTF), is an OWASP+PTES focused try to unite great tools and make pen testing more efficient, written mostly in Python.

OWASP Security Shepherd

More info soon…

OWASP ZAP

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. Great for pentesters, devs, QA, and CI/CD integration.

Documentation Projects

OWASP Application Security Verification Standard

More info soon…

OWASP Cheat Sheet Series

The OWASP Cheat Sheet Series project provides a set of concise good practice guides for application developers and defenders to follow.

OWASP Mobile Security Testing Guide

More info soon…

OWASP SAMM

More info soon…

OWASP Security Qualitative Metrics

The OWASP Security Qualitative Metrics is the most detailed list of metrics which evaluate security level of web projects. It shows the level of coverage of OWASP ASVS.

OWASP Top Ten

The OWASP Top 10 is the reference standard for the most critical web application security risks. Adopting the OWASP Top 10 is perhaps the most effective first step towards changing your software development culture focused on producing secure code.

OWASP Web Security Testing Guide

The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

Code Projects

OWASP ModSecurity Core Rule Set

More info soon…