This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Project Inventory
The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.
Tool Projects
- OWASP Zed Attack Proxy
- OWASP WTE (Web Testing Environment)
- OWASP OWTF
- OWASP Dependency Check
- OWASP Security Shepherd
Code Projects
Documentation Projects
- OWASP Application Security Verification Standard Project
- OWASP Software Assurance Maturity Model (SAMM)
- OWASP AppSensor Project
- OWASP Top Ten Project
- OWASP Testing Project
OWASP Labs projects represent projects that have produced a deliverable of value and ready for mainstream usage.
Tool Projects
- OWASP O-Saft
- OWASP Dependency Track Project
- OWASP EnDe Project
- OWASP Hackademic Challenges Project
- OWASP Mantra Security Framework
- OWASP Mobile Security Project
- OWASP O2 Platform
- OWASP Passfault
- OWASP Security Ninjas Appsec Training Program
- OWASP WebGoat Project
- OWASP Xenotix XSS Exploit Framework
- OWASP Code Pulse Project
- OWASP Security Knowledge Framework
- OWASP SeraphimDroid Project
Code Projects
Documentation Projects
- OWASP Application Security Guide For CISOs
- OWASP Cheat Sheets Project
- OWASP CISO Survey
- OWASP Code Review Guide Project
- OWASP Codes of Conduct
- OWASP Cornucopia
- OWASP Guide Project
- OWASP Podcast Project
- OWASP Proactive Controls
- OWASP Internet of Things Top Ten Project
- OWASP Top 10 Privacy Risks Project
- OWASP Reverse Engineering and Code Modification Prevention Project
Contest Projects
OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.
Tool Projects
- OWASP Benchmark
- OWASP Wordpress Vulnerability Scanner
- OWASP Threat Dragon
- OWASP Faux Bank Project
- OWASP Droid
- OWASP WAP Web Application_Protection
- OWASP Mutillidae 2 Project
- OWASP WebSpa Project
- OWASP Pyttacker Project
- OWASP Rainbow Maker Project
- OWASP ZSC Tool Project
- OWASP DefectDojo Project
- OWASP_Web Malware Scanner Project
- OWASP Basic Expression Lexicon Variation Algorithms (Belva) Project]
- OWASP VBScan
- OWASP Appsec Pipeline
- OWASP Juice Shop Project
- OWASP Bug Logging Tool
- OWASP iGoat Tool Project
Code Projects
- OWASP Java Encoder Project
- OWASP Java HTML Sanitizer Project
- OWASP Node.js Goat Project
- OWASP Mth3l3m3nt Framework Project
- OWASP WebGoat PHP Project
- OWASP Secure Headers Project
- OWASP Vicnum Projct
- OWASP DeepViolet TLS/SSL_Scanner
- OWASP Off the record 4 Java Project
- OWASP Learning Gateway Project
Documentation Projects
- OWASP Snakes and Ladders Project
- OWASP Automated Threats to Web Applications
- OWASP Vulnerable Web Applications Directory Project
- OWASP .NET Project
- OWASP WASC Web Hacking Incidents Database Project
- OWASP Incident Response Project
- OWASP KALP Mobile Project
- OWSP_Application_Security_Program_Quick_Start_Guide_Project
- OWASP_Secure_Configuration_Guide
- OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project
- OWASP RFP Criteria
- OWASP Web Mapper Project
- OWASP 10 Fuer Entwickler
- WASC_OWASP_Web_Application_Firewall_Evaluation_Criteria_Project
- OWASP Mobile Security Testing Guide
- OWASP Ransomeware Guide Project
Research
These projects had no recent releases or significant development activity in at least a year, however have shown to be valuable tools.
Tool Projects
Code Projects
Documentation Projects
- OWASP AppSec Tutorial Series
- OWASP Legal Project
- OWASP Virtual Patching Best Practices
- OWASP Secure Coding Practices - Quick Reference Guide
Donated Projects
OWASP Donated Projects are inactive projects that have been donated to the OWASP Foundation.