Public GitHub footprint of OWASP

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Official OWASP Top 10 Document Repository

Golang Secure Coding Practices guide

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Application Security Verification Standard

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as a secure way to login into accounts which aims for hijacking users session by attackers.

completely ridiculous API (crAPI)

An open source threat modeling tool from OWASP

Web and mobile application security training platform

Vulnerable app with examples showing how to not use secrets

OWASP Foundation Web Respository

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

OWASP Top 10 for Large Language Model Apps (Part of the GenAI Security Project)

OWASP Joomla Vulnerability Scanner Project https://www.secologist.com/

A Pythonic framework for threat modeling

The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.

Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

A vulnerable version of Rails that follows the OWASP Top 10

OWASP Foundation web repository

No description provided for this repository.

OWASP Autonomous Penetration Testing Standard

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

OWASP Foundation main site repository

OWASP Foundation Web Respository

OWASP WebScarab

The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

a Damn Vulnerable Serverless Application

Fast, developer-friendly JS/TS dependency vulnerability scanner with local lockfile scanning, OSV matching, direct vs transitive visibility, --fix, JSON output, and practical remediation guidance.

OWASP Honeypot, Automated Deception Framework.

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS

AI-powered Docker security scanner that explains vulnerabilities in plain English. An OWASP Incubator Project.

OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber

Your gateway to OWASP. Discover, engage, and help shape the future!

OWASP Foundation Web Respository

OWASP Foundation Web Respository

The AI Security Verification Standard (AISVS) focuses on providing developers, architects, and security professionals with a structured checklist to verify the security of AI-driven applications.

OWASP Foundation Web Respository

No description provided for this repository.

A deliberately vulnerable web application for learning web application security.

OWASP IoT Security Verification Standard (ISVS)

The source files and tools needed to build the OWASP Cornucopia decks in various languages

The IoT Security Testing Guide (ISTG) provides a comprehensive methodology for penetration tests in the IoT field, offering flexibility to adapt innovations, and developments in the IoT market while still ensuring comparability of test results.

No description provided for this repository.

OWASP Zed Attack Proxy project landing page.

No description provided for this repository.

OWASP Foundation Web Respository

OWASP Foundation web repository

OWASP Secure Agent Playbook Project

OWASP Foundation Web Respository

OWASP Foundation Web Respository

OWASP MCP Top10

OWASP Citizen Development Top 10

OWASP Smart Contract Top 10

Desktop variant of OWASP Threat Dragon

Run Capture the Flags and Security Trainings with OWASP WrongSecrets

No description provided for this repository.

OWASP Foundation Web Respository

OWASP Smart Contract Security (SCS) Project

OWASP Foundation web repository

OWASP Foundation Web Respository

OWASP Non-Human Identities Top 10

No description provided for this repository.

The Mobile Application Security Weakness Enumeration (MASWE) is a list of common security and privacy weaknesses in mobile apps. It is intended to be used as a reference for developers, security researchers, and security professionals. It acts as the bridge between the OWASP MASVS and the MASTG.

OWASP Thick Client Application Security Verification Standard

OWASP Certified Secure-Software Developer

OWASP Foundation web repository

OWASP Foundation Web Respository

OWASP Foundation web repository

German OWASP Day conference site & presentation archive

PromptMe is an educational project that showcases security vulnerabilities in large language models (LLMs) and their web integrations. It includes 10 hands-on challenges inspired by the OWASP LLM Top 10, demonstrating how these vulnerabilities can be discovered and exploited in real-world scenarios.

OWASP Foundation Web Respository

No description provided for this repository.

Source code for the Binaries of OWASP WrongSecrets

OWASP IoT Security Testing Guide site repository

A Framework for Integrating Application Security into Software Engineering (FIASSE) using the Securable Software Engineering Model (SSEM)

DonkAI is a hands-on lab for the OWASP Top 10 for LLM Applications (2025) - no real LLM required.

OWASP Foundation web repository

OWASP Foundation web repository

This repository contains OWASP Dungeons & Daemons a collection of security games. It's purpose is to promote security awareness and practices.

OWASP Foundation Web Respository

OWASP Foundation Web Respository

OWASP Foundation web repository

OWASP Foundation Web Repository for the Ottawa Ontario Chapter

Pin your github actions, from withi vscod (and forks)

No description provided for this repository.

OWASP Foundation web repository

A TypeScript package that provides AI-powered agents for Application Security (AppSec) tasks, built on top of the Claude Agent SDK.

OWASP Foundation Web Respository

OWASP Foundation Web Respository

OWASP Foundation Web Respository

OWASP Foundation Web Respository

OWASP Foundation web repository

OWASP Foundation Bristol UK chapter

OWASP Foundation web repository

No description provided for this repository.

OWASP Foundation Web Respository

OWASP Foundation web repository