OWASP는 GitHub에서 여러 가지 보안 관련 리포지토리를 운영하고 있습니다. 주요 프로그래밍 언어로는 HTML, Python, Java, JavaScript, TypeScript, C 등이 있으며, CheatSheetSeries, mastg, wstg와 같은 잘 알려진 프로젝트를 포함하고 있습니다. 이러한 리포지토리는 애플리케이션 보안과 관련된 고급 정보를 제공합니다.
주요 언어
공개 저장소
CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
mastg
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.
wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Top10
Official OWASP Top 10 Document Repository
Go-SCP
Golang Secure Coding Practices guide
Nettacker
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
ASVS
Application Security Verification Standard
NodeGoat
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
QRLJacking
QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as a secure way to login into accounts which aims for hijacking users session by attackers.
crAPI
completely ridiculous API (crAPI)
threat-dragon
An open source threat modeling tool from OWASP
SecurityShepherd
Web and mobile application security training platform
wrongsecrets
Vulnerable app with examples showing how to not use secrets
www-project-top-ten
OWASP Foundation Web Respository
www-community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
www-project-top-10-for-large-language-model-applications
OWASP Top 10 for Large Language Model Apps (Part of the GenAI Security Project)
joomscan
OWASP Joomla Vulnerability Scanner Project https://www.secologist.com/
pytm
A Pythonic framework for threat modeling
DevSecOpsGuideline
The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.
java-html-sanitizer
Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.
railsgoat
A vulnerable version of Rails that follows the OWASP Top 10
www-project-ai-testing-guide
OWASP Foundation web repository
MASTG-Hacking-Playground
이 저장소에 대한 설명이 제공되지 않았습니다.
APTS
OWASP Autonomous Penetration Testing Standard
OFFAT
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
owasp.github.io
OWASP Foundation main site repository
www-project-kubernetes-top-ten
OWASP Foundation Web Respository
OWASP-WebScarab
OWASP WebScarab
www-project-web-security-testing-guide
The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.
DVSA
a Damn Vulnerable Serverless Application
cve-lite-cli
Fast, developer-friendly JS/TS dependency vulnerability scanner with local lockfile scanning, OSV matching, direct vs transitive visibility, --fix, JSON output, and practical remediation guidance.
Python-Honeypot
OWASP Honeypot, Automated Deception Framework.
iGoat-Swift
OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
DockSec
AI-powered Docker security scanner that explains vulnerabilities in plain English. An OWASP Incubator Project.
Vulnerable-Web-Application
OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber
Nest
Your gateway to OWASP. Discover, engage, and help shape the future!
www-project-ai-security-and-privacy-guide
OWASP Foundation Web Respository
www-chapter-japan
OWASP Foundation Web Respository
AISVS
The AI Security Verification Standard (AISVS) focuses on providing developers, architects, and security professionals with a structured checklist to verify the security of AI-driven applications.
www-project-proactive-controls
OWASP Foundation Web Respository
OpenCRE
이 저장소에 대한 설명이 제공되지 않았습니다.
OWASPWebGoatPHP
A deliberately vulnerable web application for learning web application security.
IoT-Security-Verification-Standard-ISVS
OWASP IoT Security Verification Standard (ISVS)
cornucopia
The source files and tools needed to build the OWASP Cornucopia decks in various languages
owasp-istg
The IoT Security Testing Guide (ISTG) provides a comprehensive methodology for penetration tests in the IoT field, offering flexibility to adapt innovations, and developments in the IoT market while still ensuring comparability of test results.
www-project-mobile-top-10
이 저장소에 대한 설명이 제공되지 않았습니다.
www-project-zap
OWASP Zed Attack Proxy project landing page.
Honeypot-Project
이 저장소에 대한 설명이 제공되지 않았습니다.
www-project-juice-shop
OWASP Foundation Web Respository
www-project-agentic-skills-top-10
OWASP Foundation web repository
secure-agent-playbook
OWASP Secure Agent Playbook Project
www-project-application-security-verification-standard
OWASP Foundation Web Respository
www-project-it-grc
OWASP Foundation Web Respository
www-project-mcp-top-10
OWASP MCP Top10
www-project-citizen-development-top10-security-risks
OWASP Citizen Development Top 10
www-project-smart-contract-top-10
OWASP Smart Contract Top 10
threat-dragon-desktop
Desktop variant of OWASP Threat Dragon
wrongsecrets-ctf-party
Run Capture the Flags and Security Trainings with OWASP WrongSecrets
PwnzzAI
이 저장소에 대한 설명이 제공되지 않았습니다.
www-project-devsecops-verification-standard
OWASP Foundation Web Respository
owasp-scs
OWASP Smart Contract Security (SCS) Project
www-project-agent-memory-guard
OWASP Foundation web repository
www-project-modsecurity-core-rule-set
OWASP Foundation Web Respository
www-project-non-human-identities-top-10
OWASP Non-Human Identities Top 10
owasp-cstg
이 저장소에 대한 설명이 제공되지 않았습니다.
maswe
The Mobile Application Security Weakness Enumeration (MASWE) is a list of common security and privacy weaknesses in mobile apps. It is intended to be used as a reference for developers, security researchers, and security professionals. It acts as the bridge between the OWASP MASVS and the MASTG.
TCASVS
OWASP Thick Client Application Security Verification Standard
OCSD
OWASP Certified Secure-Software Developer
www-project-api-security-testing-framework
OWASP Foundation web repository
www-project-threat-modeling
OWASP Foundation Web Respository
www-project-operational-technology-top-10
OWASP Foundation web repository
german-owasp-day
German OWASP Day conference site & presentation archive
www-project-promptme
PromptMe is an educational project that showcases security vulnerabilities in large language models (LLMs) and their web integrations. It includes 10 hands-on challenges inspired by the OWASP LLM Top 10, demonstrating how these vulnerabilities can be discovered and exploited in real-world scenarios.
www-project-pytm
OWASP Foundation Web Respository
quantum-security-project
이 저장소에 대한 설명이 제공되지 않았습니다.
wrongsecrets-binaries
Source code for the Binaries of OWASP WrongSecrets
www-project-iot-security-testing-guide
OWASP IoT Security Testing Guide site repository
FIASSE
A Framework for Integrating Application Security into Software Engineering (FIASSE) using the Securable Software Engineering Model (SSEM)
DonkAI
DonkAI is a hands-on lab for the OWASP Top 10 for LLM Applications (2025) - no real LLM required.
www-project-artificial-intelligence-security-verification-standard-aisvs-docs
OWASP Foundation web repository
www-chapter-jis-university-student-chapter
OWASP Foundation web repository
www-project-dungeons-and-daemons
This repository contains OWASP Dungeons & Daemons a collection of security games. It's purpose is to promote security awareness and practices.
www-project-dragon-gpt
OWASP Foundation Web Respository
www-chapter-nagoya
OWASP Foundation Web Respository
www-project-top-10-for-business-logic-abuse
OWASP Foundation web repository
www-chapter-ottawa
OWASP Foundation Web Repository for the Ottawa Ontario Chapter
GitHub-Workflow-Updater-Extension
Pin your github actions, from withi vscod (and forks)
MOSAIC
이 저장소에 대한 설명이 제공되지 않았습니다.
www-chapter-cologne
OWASP Foundation web repository
appsec-agent
A TypeScript package that provides AI-powered agents for Application Security (AppSec) tasks, built on top of the Claude Agent SDK.
www-chapter-austin
OWASP Foundation Web Respository
www-chapter-dhaka
OWASP Foundation Web Respository
www-chapter-national-institute-of-engineering-mysuru
OWASP Foundation Web Respository
www-chapter-buenos-aires
OWASP Foundation Web Respository
www-chapter-innsbruck
OWASP Foundation web repository
www-chapter-bristol-uk
OWASP Foundation Bristol UK chapter
www-project-vulnerable-ai-factory
OWASP Foundation web repository
MCP-Security-Testing-Guide
이 저장소에 대한 설명이 제공되지 않았습니다.
www-chapter-brisbane
OWASP Foundation Web Respository
www-chapter-heilbronn
OWASP Foundation web repository
자주 묻는 질문
OWASP는 GitHub에서 무엇을 개발하나요?
OWASP는 GitHub에서 애플리케이션 보안 관련 다양한 리포지토리를 개발하고 있습니다. 주요 프로젝트로는 CheatSheetSeries와 mastg, wstg 등이 있으며, 이들은 보안 테스트와 취약점 관리에 중점을 두고 있습니다.
OWASP는 어떤 프로그래밍 언어를 사용하나요?
OWASP는 HTML, Python, Java, JavaScript, TypeScript, C와 같은 여러 프로그래밍 언어를 사용하여 리포지토리를 개발합니다. 이러한 언어들은 다양한 보안 도구와 가이드를 만드는 데 활용됩니다.
OWASP의 리포지토리는 공개인가요?
네, OWASP의 모든 리포지토리는 공개되어 있어 누구나 접근하고 활용할 수 있습니다. 이는 보안 커뮤니티와 개발자들이 OWASP의 자료를 쉽게 이용할 수 있도록 돕습니다.