Project Leaders
- OWASP AI Security and Privacy Guide
- OWASP AI Top Ten
- OWASP API Governance
- OWASP API Security Project
- OWASP ASVS Security Evaluation Templates with Nuclei
- OWASP ASVS-Graph
- OWASP AWScanner
- OWASP Access Log Parser
- OWASP Amass
- OWASP AntiSamy
- OWASP AppSec Days Developer Outreach Program
- OWASP AppSensor
- OWASP Application Gateway
- OWASP Application Security Awareness Campaigns
- OWASP Application Security Curriculum
- OWASP Application Security Monitoring Standard
- OWASP Application Security Playbook
- OWASP Application Security Verification Standard
- OWASP Attack Surface Detector
- OWASP Automated Threats to Web Applications
- OWASP Automotive EMB 60
- OWASP Benchmark
- OWASP BlockChain AppSec Standard
- OWASP Bug Logging Tool
- OWASP CSRFGuard
- OWASP CWE Toolkit
- OWASP Cervantes
- OWASP ChainGoat
- OWASP Cheat Sheet Series
- OWASP Chirps
- OWASP Cloud Tenant Isolation
- OWASP Cloud-Native Application Security Top 10
- OWASP Code Pulse
- OWASP Cognito Catastrophe
- OWASP Continuous Penetration Testing Framework
- OWASP Coraza Web Application Firewall
- OWASP Core Business Application Security
- OWASP Cornucopia
- OWASP Cumulus
- OWASP CycloneDX
- OWASP DPD (DDOS Prevention using DPI)
- OWASP DVSA
- OWASP Damn Vulnerable Web Sockets
- OWASP Data Analysis Visualization and Ingestion Domain (DAVID)
- OWASP Data Security Top 10
- OWASP DeepSecrets
- OWASP Defectdojo
- OWASP Dependency-Check
- OWASP Dependency-Track
- OWASP Desktop App Security Top 10
- OWASP DevSecOps
- OWASP DevSecOps Guideline
- OWASP DevSecOps Top 10
- OWASP DevSecOps Verification Standard
- OWASP DevSlop
- OWASP Developer Guide
- OWASP Devsecops Maturity Model
- OWASP Docker Top 10
- OWASP Domain Protect
- OWASP Embedded Application Security
- OWASP Ende
- OWASP Enterprise Security API (ESAPI)
- OWASP Extensions for Apache Drill
- OWASP Find Security Bugs
- OWASP Four Clover
- OWASP Glue Tool
- OWASP Go Secure Coding Practices Guide
- OWASP Honeypot
- OWASP How to Get Into AppSec
- OWASP IDE-VulScanner
- OWASP Integration Standards
- OWASP Intelligent Intrusion Detection System
- OWASP IoT Security Testing Guide
- OWASP IoT Security Verification Standard
- OWASP Java Encoder
- OWASP Java HTML Sanitizer
- OWASP Juice Shop
- OWASP Jupiter
- OWASP KubeFIM
- OWASP KubeLight
- OWASP Kubernetes Security Testing Guide
- OWASP Kubernetes Top Ten
- OWASP LLM Prompt Hacking
- OWASP LLM Verification Standard
- OWASP Low-Code/No-Code Top 10
- OWASP Machine Learning Minefield
- OWASP Machine Learning Security Top Ten
- OWASP Machine Learning Security Verification Standard
- OWASP Maryam
- OWASP Memory Safety Project
- OWASP Mimosa
- OWASP Mobile Application Security
- OWASP Mobile Audit
- OWASP Mobile Top 10
- OWASP ModSecurity Core Rule Set
- OWASP Mutillidae II
- OWASP Nettacker
- OWASP Nightingale
- OWASP Node.js Goat
- OWASP O-Saft
- OWASP OWTF
- OWASP Ontology Driven Threat Modeling Framework
- OWASP Open Security Information Base
- OWASP Open Source Security Applications Platform
- OWASP PenText
- OWASP Penetration Testing Kit
- OWASP Podcast
- OWASP Proactive Controls
- OWASP Project Spotlight Series
- OWASP PurpleTeam
- OWASP Qrljacker
- OWASP Raider
- OWASP Reverse Engineering And Code Modification Prevention
- OWASP Risk Assessment Framework
- OWASP Riyadh
- OWASP SAMM
- OWASP SEDATED®
- OWASP SamuraiWTF
- OWASP Scan IT
- OWASP ScrapPy
- OWASP Secure Coding Dojo
- OWASP Secure Headers Project
- OWASP SecureBank
- OWASP SecureTea Project
- OWASP Security Bridge
- OWASP Security Champions Guide
- OWASP Security Culture
- OWASP Security Pins
- OWASP Security Shepherd
- OWASP SecurityRAT
- OWASP Seraphimdroid
- OWASP Serverless Top 10
- OWASP Smart Contract Top 10
- OWASP Snakes And Ladders
- OWASP Software Component Verification Standard
- OWASP Software Pre-Execution Security Review
- OWASP Software Security 5D Framework
- OWASP State of AppSec Survey
- OWASP SupplyChainGoat
- OWASP TOCTOURex
- OWASP Testability Patterns for Web Applications
- OWASP Thick Client Top 10 Project
- OWASP Threat Dragon
- OWASP Threat Modeling Playbook (OTMP)
- OWASP Threat Modeling Project
- OWASP Top 10 CI/CD Security Risks
- OWASP Top 10 Client-Side Security Risks
- OWASP Top 10 Insider Threats
- OWASP Top 10 Privacy Risks
- OWASP Top 10 for Large Language Model Applications
- OWASP Top Ten
- OWASP Top-25 Parameters
- OWASP TorBot
- OWASP Vulnerability Management Center
- OWASP Vulnerability Management Guide
- OWASP Vulnerable Container Hub
- OWASP Vulnerable Web Applications Directory
- OWASP VulnerableApp
- OWASP VulnerableApp-Facade
- OWASP Watiqay
- OWASP Web Application Firewall Evaluation Criteria Project (WAFEC)
- OWASP Web Hacking Incident Database
- OWASP Web Mapper
- OWASP Web Security Testing Guide
- OWASP WebGoat
- OWASP WinFIM.NET
- OWASP WrongSecrets
- OWASP Zezengorri Code
- OWASP aegis4j
- OWASP crAPI
- OWASP dep-scan
- OWASP eBPFShield
- OWASP hacking-lab
- OWASP iGNITA
- OWASP iGoat Tool
- OWASP internet of things top 10
- OWASP pytm
- OWASP safetypes
- OWASP secureCodeBox
- OWASP untrust
- Pygoat
Flagship Projects
Projects that have demonstrated strategic value to OWASP and application security as a whole
Standards Projects
OWASP Application Security Verification Standard
The OWASP Application Security Verification Standard (ASVS) Project is a framework of security requirements that focus on defining the security controls required when designing, developing and testing modern web applications and web services.
OWASP CycloneDX
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction.
Tool Projects
Documentation Projects
OWASP Cheat Sheet Series
The OWASP Cheat Sheet Series project provides a set of concise good practice guides for application developers and defenders to follow.
OWASP Mobile Application Security
The OWASP Mobile Application Security (MAS) project consists of a series of documents that establish a security standard for mobile apps and a comprehensive testing guide that covers the processes, techniques, and tools used during a mobile application security assessment, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results.
OWASP SAMM
A Software Assurance Maturity Model (SAMM) that provides an effective and measurable way for all types of organizations to analyse and improve their software security posture.
OWASP Top Ten
The OWASP Top 10 is the reference standard for the most critical web application security risks. Adopting the OWASP Top 10 is perhaps the most effective first step towards changing your software development culture focused on producing secure code.
OWASP Web Security Testing Guide
The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.
Code Projects
OWASP Amass
An open source framework that helps information security professionals perform network mapping of attack surfaces and external asset discovery using open source intelligence gathering and reconnaissance techniques!
OWASP Defectdojo
The leading open source application vulnerability management tool built for DevOps and continuous security integration.
OWASP Dependency-Check
Dependency-Check is a Software Composition Analysis (SCA) tool suite that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities.
OWASP Dependency-Track
Intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
OWASP Juice Shop
Probably the most modern and sophisticated insecure web application for security trainings, awareness demos and CTFs. Also great voluntary guinea pig for your security tools and DevSecOps pipelines!
OWASP ModSecurity Core Rule Set
The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.
OWASP OWTF
Offensive Web Testing Framework (OWTF), is an OWASP+PTES focused try to unite great tools and make pen testing more efficient, written mostly in Python.
OWASP Security Shepherd
OWASP Security Shepherd is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen their penetration testing skillset to security expert status.