This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Project Inventory
OWASP Project Inventory
Flagship Projects
The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole. After a major review process [More info here] the following projects are considered to be flagship candidate projects. These project have been evaluated more deeply to confirm their flagship status:
Tools [Health Check January 2017]
- OWASP Zed Attack Proxy
- OWASP Web Testing Environment Project
- OWASP OWTF
- OWASP Dependency Check
- OWASP Security Shepherd
Code [Health Check January 2017]
Documentation[Health Check January 2017]
- OWASP Application Security Verification Standard Project
- OWASP Software Assurance Maturity Model (SAMM)
- OWASP AppSensor Project
- OWASP Top Ten Project
- OWASP Testing Project
Labs Projects
OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.
Thumbs up
Thumbs up are given to LAB projects showing a steady progress in their development, had very active and continuous releases and commits, regular update of information on their wiki page and have quite complete documentation. These projects are almost ready to become flagship
Tools [Reviewed Janaury 2017]
- O-Saft
- OWASP Dependency Track Project
- OWASP EnDe Project
- OWASP Hackademic Challenges Project*Review Needed
- OWASP Mantra Security Framework*Review Needed
- OWASP Mobile Security Project
- OWASP O2 Platform
- OWASP Passfault
- OWASP Security Ninjas Appsec Training Program*Review Needed
- OWASP WebGoat Project
- OWASP Xenotix XSS Exploit Framework
- OWASP Code Pulse Project
- OWASP Security Knowledge Framework
- OWASP SeraphimDroid Project
Documentation [Health Check January 2017]
- OWASP Application Security Guide For CISOs*Review Needed
- OWASP Cheat Sheets Project
- OWASP CISO Survey *Review Needed
- OWASP Code Review Guide Project
- OWASP Codes of Conduct *Review Needed
- OWASP Cornucopia
- OWASP Guide Project*Review Needed
- OWASP Podcast Project
- OWASP Proactive Controls
- OWASP Internet of Things Top Ten Project
- OWASP Top 10 Privacy Risks Project
- OWASP Reverse Engineering and Code Modification Prevention Project*Review Needed
Contests - Health Check February 2016
Code [Reviewed January 2017
- OWASP Enterprise Security API*Review Needed
- OWASP Python Security Project*Review Needed
- OWASP Security Logging Project
Incubator Projects
OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.
Thumbs up
Thumbs up are given to incubator projects showing a steady progress in their development, had continuous releases and commits or have delivered a complete product, including open source repository location, basic user guidelines and documentation
Code [Reviewed January 2017]
- OWASP Java Encoder Project
- OWASP Java HTML Sanitizer Project
- OWASP Node.js Goat Project
- OWASP Mth3l3m3nt Framework Project
- OWASP WebGoat PHP Project
- OWASP Secure Headers Project*Review Needed
- OWASP Vicnum Projct
- OWASP DeepViolet TLS/SSL_Scanner
- OWASP Off the record 4 Java Project
- OWASP Learning Gateway Project NEW!
Research
Tools [Reviewed last: January 2017]
- OWASP Benchmark
- OWASP Wordpress Vulnerability Scanner*Review Needed
- OWASP Threat Dragon
- OWASP Faux Bank Project*Review Needed
- OWASP Droid*Review Needed
- WAP Web Application_Protection*Review Needed
- OWASP Mutillidae 2 Project*Review Needed
- OWASP WebSpa Project*Review Needed
- OWASP Pyttacker Project
- OWASP Rainbow Maker Project *Review Needed
- OWASP ZSC Tool Project
- OWASP DefectDojo Project
- OWASP_Web Malware Scanner Project
- OWASP Basic Expression Lexicon Variation Algorithms (Belva) Project]
- OWASP VBScan
- OWASP Appsec Pipeline
- OWASP Juice Shop Project
- OWASP Bug Logging Tool
- OWASP iGoat Tool Project
Documentation[Review: May 2015 - Health Check February 2016]
- OWASP Snakes and Ladders Project
- OWASP Automated Threats to Web Applications
- OWASP Vulnerable Web Applications Directory Project
- OWASP .NET Project*Review Needed
- OWASP WASC Web Hacking Incidents Database Project*Review Needed
- OWASP Incident Response Project*
- OWASP KALP Mobile Project*Review Needed
- OWSP_Application_Security_Program_Quick_Start_Guide_Project*Review Needed
- OWASP_Secure_Configuration_Guide*Review Needed
- OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project
- OWASP RFP Criteria*Review Needed
- OWASP Web Mapper Project
- OWASP 10 Fuer Entwickler*Review Needed
- WASC_OWASP_Web_Application_Firewall_Evaluation_Criteria_Project
- OWASP Mobile Security Testing Guide
- OWASP Ransomeware Guide Project
Educational Initiatives
Health Check February 2016
- OWASP Student Chapters Project
- OWASP Education Project
- OWASP Speakers Project
- OWASP Media Project
- OWASP PHP Security Training Project
- OWASP Online Academy
Low Activity Projects
Low Activity (LABS)[Reviewed July 2015] Health Check February 2016
These projects had no releases in at least a year, however have shown to be valuable tools Code [Low Activity] Health Check February 2016
Tools Health Check February 2016
Documentation [Low Activity] Health Check February 2016
- OWASP AppSec Tutorial Series
- OWASP Legal Project
- Virtual Patching Best Practices
- OWASP Secure Coding Practices - Quick Reference Guide
Donated Projects
OWASP Donated Projects are inactive projects that have been donated to the OWASP Projects Infrastructure.
