• The Mobile Security Testing Guide (MSTG) is the ultimate guide for mobile app security testing and reverse engineering.

    HTML 172 75 Updated Mar 30, 2017
  • DefectDojo is an open-source defect tracking application

    python security django analytics owasp vulnerability-databases

    HTML 200 77 Updated Mar 30, 2017
  • 8 4 Updated Mar 29, 2017
  • Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

    Java 184 63 Updated Mar 29, 2017
  • The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

    nodejs javascript heroku docker vulnerabilities owasp-zap owasp-top-ten

    HTML 408 219 Updated Mar 28, 2017
  • The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.

    Python 85 25 Updated Mar 28, 2017
  • Content for OWASP Summit 2017 site

    CSS 18 45 Updated Mar 28, 2017
  • Application Security Verification Standard

    XSLT 118 37 Updated Mar 27, 2017
  • O-Saft - OWASP SSL advanced forensic tool

    Perl 117 25 Updated Mar 27, 2017
  • OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually expl…

    Java 66 32 Updated Mar 22, 2017
  • Application Security Automation

    Ruby 97 24 Updated Mar 20, 2017
  • The OWASP Guide

    1,072 201 Updated Mar 15, 2017
  • OWASP BLT is a bug logging tool to report issues and get points; companies are held accountable.

    django bug

    JavaScript 7 8 Updated Mar 12, 2017
  • OWASP Learning Gateway Project will be a connected, collaborative learning platform to support the OWASP Mentor Initiative. We are currently working on a framework for the platform development.

    HTML 6 1 Updated Mar 10, 2017
  • Web and mobile application security training platform

    Java 300 98 Updated Mar 10, 2017
  • QRLJacking, or Quick Response Code Login Jacking, is a simple-but-nasty attack vector affecting all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts; it aims to let attackers hijack users' sessions.

    Python 125 65 Updated Mar 8, 2017
  • C# 5 4 Updated Mar 6, 2017
  • XSLT 38 11 Updated Mar 1, 2017
  • Java 81 23 Updated Feb 28, 2017
  • MsBuild task to warn about insecure NuGet libraries

    C# 29 14 Updated Feb 23, 2017
  • The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well-maintained registry of all known vulnerable web applications currently available.

    Python 120 43 Updated Feb 23, 2017
  • PHP 5 4 Updated Feb 23, 2017
  • C 1 1 Updated Feb 22, 2017
  • The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!

    Java 84 31 Updated Feb 19, 2017
  • OWASP Passfault evaluates passwords and enforces password policy in a completely different way.

    JavaScript 105 35 Updated Feb 18, 2017
  • Node application to help manage Maturity Models like the ones created by BSIMM and OpenSAMM

    JavaScript 46 9 Updated Feb 8, 2017
  • Repo to hold the API backend files for the Maturity-Models project

    CoffeeScript 1 1 Updated Feb 8, 2017
  • UI for the Maturity-Models project

    CoffeeScript 2 3 Updated Feb 8, 2017
  • A vulnerable version of Rails that follows the OWASP Top 10

    JavaScript 355 128 Updated Jan 30, 2017
  • Repo for OwaspSAMM Maturity Model's data (imported as a submodule by the Maturity-Models project)

    Updated Jan 29, 2017