OWASP在GitHub上拥有一个广泛的公共存在,涵盖多个领域的安全项目。该组织的主要编程语言包括HTML、Python、Java、JavaScript和TypeScript。值得注意的公共仓库包括CheatSheetSeries和mastg,它们提供了关于应用安全的高价值信息和测试指南。
顶级语言
公共仓库
CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
mastg
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.
wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Top10
Official OWASP Top 10 Document Repository
Go-SCP
Golang Secure Coding Practices guide
Nettacker
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
ASVS
Application Security Verification Standard
NodeGoat
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
QRLJacking
QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as a secure way to login into accounts which aims for hijacking users session by attackers.
crAPI
completely ridiculous API (crAPI)
threat-dragon
An open source threat modeling tool from OWASP
SecurityShepherd
Web and mobile application security training platform
wrongsecrets
Vulnerable app with examples showing how to not use secrets
www-project-top-ten
OWASP Foundation Web Respository
www-community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
www-project-top-10-for-large-language-model-applications
OWASP Top 10 for Large Language Model Apps (Part of the GenAI Security Project)
joomscan
OWASP Joomla Vulnerability Scanner Project https://www.secologist.com/
pytm
A Pythonic framework for threat modeling
DevSecOpsGuideline
The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.
java-html-sanitizer
Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.
railsgoat
A vulnerable version of Rails that follows the OWASP Top 10
www-project-ai-testing-guide
OWASP Foundation web repository
MASTG-Hacking-Playground
此仓库未提供描述。
APTS
OWASP Autonomous Penetration Testing Standard
OFFAT
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
owasp.github.io
OWASP Foundation main site repository
www-project-kubernetes-top-ten
OWASP Foundation Web Respository
OWASP-WebScarab
OWASP WebScarab
www-project-web-security-testing-guide
The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.
DVSA
a Damn Vulnerable Serverless Application
cve-lite-cli
Fast, developer-friendly JS/TS dependency vulnerability scanner with local lockfile scanning, OSV matching, direct vs transitive visibility, --fix, JSON output, and practical remediation guidance.
Python-Honeypot
OWASP Honeypot, Automated Deception Framework.
iGoat-Swift
OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
DockSec
AI-powered Docker security scanner that explains vulnerabilities in plain English. An OWASP Incubator Project.
Vulnerable-Web-Application
OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber
Nest
Your gateway to OWASP. Discover, engage, and help shape the future!
www-project-ai-security-and-privacy-guide
OWASP Foundation Web Respository
www-chapter-japan
OWASP Foundation Web Respository
AISVS
The AI Security Verification Standard (AISVS) focuses on providing developers, architects, and security professionals with a structured checklist to verify the security of AI-driven applications.
www-project-proactive-controls
OWASP Foundation Web Respository
OpenCRE
此仓库未提供描述。
OWASPWebGoatPHP
A deliberately vulnerable web application for learning web application security.
IoT-Security-Verification-Standard-ISVS
OWASP IoT Security Verification Standard (ISVS)
cornucopia
The source files and tools needed to build the OWASP Cornucopia decks in various languages
owasp-istg
The IoT Security Testing Guide (ISTG) provides a comprehensive methodology for penetration tests in the IoT field, offering flexibility to adapt innovations, and developments in the IoT market while still ensuring comparability of test results.
www-project-mobile-top-10
此仓库未提供描述。
www-project-zap
OWASP Zed Attack Proxy project landing page.
Honeypot-Project
此仓库未提供描述。
www-project-juice-shop
OWASP Foundation Web Respository
www-project-agentic-skills-top-10
OWASP Foundation web repository
secure-agent-playbook
OWASP Secure Agent Playbook Project
www-project-application-security-verification-standard
OWASP Foundation Web Respository
www-project-it-grc
OWASP Foundation Web Respository
www-project-mcp-top-10
OWASP MCP Top10
www-project-citizen-development-top10-security-risks
OWASP Citizen Development Top 10
www-project-smart-contract-top-10
OWASP Smart Contract Top 10
threat-dragon-desktop
Desktop variant of OWASP Threat Dragon
wrongsecrets-ctf-party
Run Capture the Flags and Security Trainings with OWASP WrongSecrets
PwnzzAI
此仓库未提供描述。
www-project-devsecops-verification-standard
OWASP Foundation Web Respository
owasp-scs
OWASP Smart Contract Security (SCS) Project
www-project-agent-memory-guard
OWASP Foundation web repository
www-project-modsecurity-core-rule-set
OWASP Foundation Web Respository
www-project-non-human-identities-top-10
OWASP Non-Human Identities Top 10
owasp-cstg
此仓库未提供描述。
maswe
The Mobile Application Security Weakness Enumeration (MASWE) is a list of common security and privacy weaknesses in mobile apps. It is intended to be used as a reference for developers, security researchers, and security professionals. It acts as the bridge between the OWASP MASVS and the MASTG.
TCASVS
OWASP Thick Client Application Security Verification Standard
OCSD
OWASP Certified Secure-Software Developer
www-project-api-security-testing-framework
OWASP Foundation web repository
www-project-threat-modeling
OWASP Foundation Web Respository
www-project-operational-technology-top-10
OWASP Foundation web repository
german-owasp-day
German OWASP Day conference site & presentation archive
www-project-promptme
PromptMe is an educational project that showcases security vulnerabilities in large language models (LLMs) and their web integrations. It includes 10 hands-on challenges inspired by the OWASP LLM Top 10, demonstrating how these vulnerabilities can be discovered and exploited in real-world scenarios.
www-project-pytm
OWASP Foundation Web Respository
quantum-security-project
此仓库未提供描述。
wrongsecrets-binaries
Source code for the Binaries of OWASP WrongSecrets
www-project-iot-security-testing-guide
OWASP IoT Security Testing Guide site repository
FIASSE
A Framework for Integrating Application Security into Software Engineering (FIASSE) using the Securable Software Engineering Model (SSEM)
DonkAI
DonkAI is a hands-on lab for the OWASP Top 10 for LLM Applications (2025) - no real LLM required.
www-project-artificial-intelligence-security-verification-standard-aisvs-docs
OWASP Foundation web repository
www-chapter-jis-university-student-chapter
OWASP Foundation web repository
www-project-dungeons-and-daemons
This repository contains OWASP Dungeons & Daemons a collection of security games. It's purpose is to promote security awareness and practices.
www-project-dragon-gpt
OWASP Foundation Web Respository
www-chapter-nagoya
OWASP Foundation Web Respository
www-project-top-10-for-business-logic-abuse
OWASP Foundation web repository
www-chapter-ottawa
OWASP Foundation Web Repository for the Ottawa Ontario Chapter
GitHub-Workflow-Updater-Extension
Pin your github actions, from withi vscod (and forks)
MOSAIC
此仓库未提供描述。
www-chapter-cologne
OWASP Foundation web repository
appsec-agent
A TypeScript package that provides AI-powered agents for Application Security (AppSec) tasks, built on top of the Claude Agent SDK.
www-chapter-austin
OWASP Foundation Web Respository
www-chapter-dhaka
OWASP Foundation Web Respository
www-chapter-national-institute-of-engineering-mysuru
OWASP Foundation Web Respository
www-chapter-buenos-aires
OWASP Foundation Web Respository
www-chapter-innsbruck
OWASP Foundation web repository
www-chapter-bristol-uk
OWASP Foundation Bristol UK chapter
www-project-vulnerable-ai-factory
OWASP Foundation web repository
MCP-Security-Testing-Guide
此仓库未提供描述。
www-chapter-brisbane
OWASP Foundation Web Respository
www-chapter-heilbronn
OWASP Foundation web repository
常见问题
OWASP在GitHub上构建了什么?
OWASP在GitHub上构建了一系列与应用安全相关的项目,包括CheatSheetSeries和Web Security Testing Guide等。这些项目为开发者提供了重要的安全指导和最佳实践.
OWASP使用哪些编程语言?
OWASP的公共仓库主要使用HTML、Python、Java、JavaScript和TypeScript等编程语言。这些语言的广泛应用使得OWASP能够覆盖多种安全领域.
OWASP的仓库是公开的吗?
是的,OWASP的所有仓库都是公开的,任何人都可以访问和使用这些资源。这种透明度有助于促进安全知识的共享和应用.