Content for OWASP Summit 2017 site
The Mobile Security Testing Guide (MSTG) is a manual for testing the security of mobile apps. It describes technical processes for verifying the controls listed in the OWASP Mobile Application Verification Standard (MASVS). The MSTG is meant to provide a baseline set of test cases for black-box and white-box security tests, and to help ensure c…
OWASP BLT is a bug logging tool for reporting issues and earning points; companies are held accountable.
DefectDojo is an open-source defect tracking application
MSBuild task to warn about insecure NuGet libraries
The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well-maintained registry of all known vulnerable web applications currently available.
This is a working copy of the OWASP Project Handbook and is the draft where changes are made before publishing a final version on the OWASP wiki.
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!
Application Security Automation
OWASP Passfault evaluates passwords and enforces password policy in a completely different way.
O-Saft - OWASP SSL advanced forensic tool
The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security. It is meant to be used by mobile software architects and developers seeking to develop secure mobile applications and as a basis for mobile app security testing methodologies. The MASVS lists requirements for both security controls and software p…
Web and mobile application security training platform
Node application to help manage Maturity Models like the ones created by BSIMM and OpenSAMM
Repo to hold the API backend files for the Maturity-Models project
UI for the Maturity-Models project
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually expl…
A vulnerable version of Rails that follows the OWASP Top 10
Repo for OwaspSAMM Maturity Model's data (imported as a submodule by the Maturity-Models project)
Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.
Application Security Verification Standard
OWASP Learning Gateway Project will be a connected, collaborative learning platform to support the OWASP Mentor Initiative. We are currently working on a framework for the platform development.
Official OWASP Top 10 Document Repository
Home for the draft documents for the revitalization of OWASP Projects. Written in Markdown for later conversion to MediaWiki markup via Pandoc.