Project Leaders
- CSRFGuard
- OWASP .Net
- OWASP API Security Project
- OWASP APICheck
- OWASP ASVS-Graph
- OWASP AWScanner
- OWASP Access Log Parser
- OWASP AndroGoat
- OWASP Android Security Inspector Toolkit
- OWASP Anti-Ransomware Guide
- OWASP AntiSamy
- OWASP Application Gateway
- OWASP Application Security Curriculum
- OWASP Application Security Verification Standard
- OWASP Appsec Pipeline
- OWASP Appsensor
- OWASP Attack Surface Detector
- OWASP Auth
- OWASP Automated Threats to Web Applications
- OWASP Automotive EMB 60
- OWASP Benchmark
- OWASP Best Practices In Vulnerability Disclosure And Bug Bounty Programs
- OWASP Big Data Security Verification Standard
- OWASP Blockchain Distributed Infrastructure
- OWASP Broken Web Applications
- OWASP Bug Logging Tool
- OWASP CSRFProtector Project
- OWASP CWE Toolkit
- OWASP Cloud Security Mentor
- OWASP Cloud Security Testing Guide
- OWASP Cloud Testing Guide
- OWASP Cloud-Native Application Security Top 10
- OWASP Cloud-Native Security Project
- OWASP CloudSheep
- OWASP Code Pulse
- OWASP Code Review Guide
- OWASP Container Security Verification Standard
- OWASP Core Business Application Security
- OWASP Cornucopia
- OWASP Ctf
- OWASP Cyber Defense Matrix
- OWASP Cyber Scavenger Hunt
- OWASP Cyber Security Enterprise Operations Architecture
- OWASP D4N155
- OWASP DPD (DDOS Prevention using DPI)
- OWASP DVSA
- OWASP Damn Vulnerable Crypto Wallet
- OWASP Damn Vulnerable Thick Client Application
- OWASP Damn Vulnerable Web Sockets
- OWASP Defectdojo
- OWASP Dependency-Check
- OWASP Dependency-Track
- OWASP DevSecOps Guideline
- OWASP DevSlop
- OWASP Devsecops Maturity Model
- OWASP Docker Top 10
- OWASP Drill
- OWASP Embedded Application Security
- OWASP Ende
- OWASP Enterprise DevSecOps
- OWASP Enterprise Security API (ESAPI)
- OWASP Find Security Bugs
- OWASP Game Security Framework
- OWASP Glue Tool
- OWASP Go Secure Coding Practices Guide
- OWASP Honeypot
- OWASP Igoat Tool
- OWASP Incident Response
- OWASP Information Security Metrics Bank
- OWASP Integration Standards
- OWASP Intelligent Intrusion Detection System
- OWASP IoT Security Verification Standard
- OWASP Iot Analytics 4Industry4
- OWASP Java Encoder
- OWASP Java HTML Sanitizer
- OWASP Joomscan
- OWASP Jotp
- OWASP Json Sanitizer
- OWASP Juice Shop
- OWASP Jupiter
- OWASP Knowledge Based Authentication Performance Metrics
- OWASP Kubernetes Security Testing Guide
- OWASP Laravel Goat
- OWASP Learning Gateway
- OWASP Lock It
- OWASP MITM Guard
- OWASP Machine Learning Security Top 10
- OWASP Maryam
- OWASP Mobile Audit
- OWASP Mobile Security Testing Guide
- OWASP Mobile Top 10
- OWASP ModSecurity Core Rule Set
- OWASP Mth3L3M3Nt Framework
- OWASP Nettacker
- OWASP Node.js Goat
- OWASP O-Saft
- OWASP O2 Platform
- OWASP OWTF
- OWASP Off The Record 4 Java
- OWASP Online Academy
- OWASP Ontology Driven Threat Modeling Framework
- OWASP Passfault
- OWASP Patton
- OWASP Php
- OWASP Php Security Training
- OWASP Podcast
- OWASP Proactive Controls
- OWASP Pygoat
- OWASP Python Honeypot
- OWASP Python Security
- OWASP Pyttacker
- OWASP Qrljacker
- OWASP Redteam Toolkit
- OWASP Revelo
- OWASP Reverse Engineering And Code Modification Prevention
- OWASP Risk Assessment Framework
- OWASP SAMM
- OWASP SEDATED®
- OWASP SamuraiWTF
- OWASP Scan IT
- OWASP Seclists
- OWASP Sectudo
- OWASP Secure Coding Dojo
- OWASP Secure Headers Project
- OWASP Secure Logging Benchmark
- OWASP Secure Medical Device Deployment Standard
- OWASP SecureBank
- OWASP SecureFlag Open Platform
- OWASP SecureTea Project
- OWASP Security Busters
- OWASP Security Integration System
- OWASP Security Knowledge Framework
- OWASP Security Logging
- OWASP Security Pins
- OWASP Security Qualitative Metrics
- OWASP Security Resource Framework
- OWASP Security Shepherd
- OWASP SecurityRAT
- OWASP Seeker
- OWASP Seraphimdroid
- OWASP Serverless Goat
- OWASP Serverless Top 10
- OWASP Single Sign-On
- OWASP Snakes And Ladders
- OWASP Snow
- OWASP Software Component Verification Standard
- OWASP Software Composition Security
- OWASP Software Security 5D Framework
- OWASP Thick Client Top 10 Project
- OWASP Threat Dragon
- OWASP Threat Model
- OWASP Threat Model Cookbook
- OWASP Threat Modeling Playbook (OTMP)
- OWASP Threatspec
- OWASP TimeGap Theory
- OWASP Top 10 Card Game
- OWASP Top 10 Fuer Entwickler
- OWASP Top 10 Privacy Risks
- OWASP Top Ten
- OWASP TorBot
- OWASP University Challenge
- OWASP Vbscan
- OWASP Vicnum
- OWASP Virtual Patching Best Practices
- OWASP Voice Automated Application Security
- OWASP Vulnerable Container Hub
- OWASP Vulnerable Web Application
- OWASP Vulnerable Web Applications Directory
- OWASP VulnerableApp
- OWASP Watiqay
- OWASP Web Application Firewall Evaluation Criteria Project (WAFEC)
- OWASP Web Mapper
- OWASP Web Security Testing Guide
- OWASP Web Testing Environment
- OWASP WebGoat
- OWASP Webspa
- OWASP WinFIM.NET
- OWASP Wpbullet
- OWASP ZAP
- OWASP Zezengorri Code
- OWASP Zsc Tool
- OWASP cloud security
- OWASP crAPI
- OWASP hacking-lab
- OWASP internet of things top 10
- OWASP jvmxray
- OWASP little web application firewall
- OWASP purpleteam
- OWASP pytm
- OWASP secureCodeBox
- OWASP webgoat php
Flagship Projects
Projects that have demonstrated strategic value to OWASP and application security as a whole
Tool Projects
OWASP Amass
An advanced open source tool to help information security professionals perform network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques!
CSRFGuard
More info soon…
OWASP Defectdojo
The leading open source application vulnerability management tool built for DevOps and continuous security integration.
OWASP Dependency-Check
Dependency-Check is a Software Composition Analysis (SCA) tool suite that identifies project dependencies and checks whether there are any known, publicly disclosed vulnerabilities.
OWASP Dependency-Track
Intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
OWASP Juice Shop
Probably the most modern and sophisticated insecure web application for security trainings, awareness demos and CTFs. Also a great voluntary guinea pig for your security tools and DevSecOps pipelines!
OWASP OWTF
Offensive Web Testing Framework (OWTF) is an OWASP+PTES-focused effort to unite great tools and make pen testing more efficient, written mostly in Python.
OWASP Security Shepherd
More info soon…
OWASP ZAP
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. Great for pentesters, devs, QA, and CI/CD integration.
Documentation Projects
OWASP Application Security Verification Standard
More info soon…
OWASP Cheat Sheet Series
The OWASP Cheat Sheet Series project provides a set of concise good practice guides for application developers and defenders to follow.
OWASP Mobile Security Testing Guide
More info soon…
OWASP SAMM
A Software Assurance Maturity Model (SAMM) that provides an effective and measurable way for all types of organizations to analyse and improve their software security posture.
OWASP Security Qualitative Metrics
The OWASP Security Qualitative Metrics is the most detailed list of metrics that evaluate the security level of web projects. It shows the level of coverage of OWASP ASVS.
OWASP Top Ten
The OWASP Top 10 is the reference standard for the most critical web application security risks. Adopting the OWASP Top 10 is perhaps the most effective first step towards changing your software development culture to one focused on producing secure code.
OWASP Web Security Testing Guide
The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.
Code Projects
OWASP ModSecurity Core Rule Set
More info soon…