a library for performing fast, configurable cleansing of HTML coming from untrusted sources

Contributors: 19

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Contributors: 64

The OWASP Secure Headers Project

Contributors: 17

The main SamuraiWTF collaborative distro repo.

Contributors: 7

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

Contributors: 86

The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens

Contributors: 37

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library

Contributors: 31

Web and mobile application security training platform

Contributors: 43

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Contributors: 286

DevSecOps, ASPM, Vulnerability Management. All on one platform.

Contributors: 358

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. GPT: https://chatgpt.com/g/g-673bfeb4037481919be8a2cd1bf868d2-cdxgen

Contributors: 88

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Contributors: 458

In-depth attack surface mapping and asset discovery

Contributors: 61

OWASP Top 10 Infrastructure Security Risks

Contributors: 3

The ZAP core project

Contributors: 213

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Contributors: 122

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

Contributors: 218

OWASP ZSC - Shellcode/Obfuscate Code Generator https://www.secologist.com/

Contributors: 9

Vulnerable app with examples showing how to not use secrets

Contributors: 36

Official OWASP Top 10 Document Repository

Contributors: 136

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

Contributors: 42

OWASP Honeypot, Automated Deception Framework.

Contributors: 10

O-Saft - OWASP SSL advanced forensic tool

Contributors: 9

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Contributors: 47

OWASP CRS (Official Repository)

Contributors: 116

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

Contributors: 85

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Contributors: 108

Application Security Verification Standard

Contributors: 98

OWASP API Security Project

Contributors: 30

OWASP BLT is a bug logging tool to report issues and get points, companies are held accountable.

Contributors: 67