The Mobile Security Testing Guide (MSTG) is the ultimate guide for mobile app security testing and reverse engineering.
DefectDojo is an open-source defect tracking application
Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.
Content for OWASP Summit 2017 site
Application Security Verification Standard
O-Saft - OWASP SSL advanced forensic tool
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually expl…
Application Security Automation
The OWASP Guide
OWASP BLT is a bug logging tool for reporting issues and earning points; companies are held accountable.
OWASP Learning Gateway Project will be a connected, collaborative learning platform to support the OWASP Mentor Initiative. We are currently working on a framework for the platform development.
Web and mobile application security training platform
QRLJacking, or Quick Response Code Login Jacking, is a simple-but-nasty attack vector affecting all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts. It aims at hijacking users' sessions.
MSBuild task to warn about insecure NuGet libraries
The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well-maintained registry of all known vulnerable web applications currently available.
The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!
OWASP Passfault evaluates passwords and enforces password policy in a completely different way.
Node application to help manage Maturity Models like the ones created by BSIMM and OpenSAMM
Repo to hold the API backend files for the Maturity-Models project
UI for the Maturity-Models project
A vulnerable version of Rails that follows the OWASP Top 10
Repo for OwaspSAMM Maturity Model's data (imported as a submodule by the Maturity-Models project)