This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit


Revision as of 14:45, 26 March 2019 by Yoseman (talk | contribs)

Jump to: navigation, search


OWASP is going to apply to participate in the inaugural Google Season of Docs We will be requesting project ideas to help us complete our organization application which is due April 23rd.

OWASP Project Documentation Requests

Tips to get you started in no particular order:

* Read Google Season of Docs Project Ideas
* Read Program Rules


OWASP Zed Attack Proxy Project (ZAP) one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Previous GSoC students have implemented key parts of the ZAP core functionality and have been offered (and accepted) jobs based on their work on ZAP.


ZAP has an extremely powerful API that allows you to do nearly everything that possible via the desktop interface. It is considered on of ZAPs strengths and is heavily used for automation. Unfortunately is also not particularly well documented and we get many queries about it on the support groups.

Existing documentation includes:

This project would:

  1. Explain the concepts behind the UI
  2. Explain how it can be used at a high level
  3. Detail all of the API calls

The documentation should be suitable for publishing as web pages and for printing on paper.


Zest is an experimental specialized scripting language developed by the ZAP team and is intended to be used in web oriented security tools. While it is tool independent it is heavily used by ZAP.

Existing documentation includes:

This project would:

  1. Explain the concepts behind the Zest
  2. Explain how to write Zest scripts
  3. Document the ZAP Desktop UI provided relating to Zest

The documentation should be suitable for publishing as web pages and ideally the parts relating to the ZAP Desktop UI should be able to be included within the UI as context sensitive help.

OWASP Juice Shop

OWASP Juice Shop Project is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!

"Pwning OWASP Juice Shop" Companion Guide

Pwning OWASP Juice Shop is the official companion guide for this project. It will give you a complete overview of the vulnerabilities found in the application including hints how to spot and exploit them. In the appendix you will even find complete step-by-step solutions to every challenge. The ebook is published under CC BY-NC-ND 4.0 and is available for free as work-in-progress in HTML, PDF, Kindle and ePub format on GitBook. The latest officially released edition is available for free on LeanPub in PDF, Kindle and ePub format.

PwningOWASPJuiceShop Cover.jpg

The book is divided into three parts:

  1. Part I - Hacking preparations (helps you to get the application running and to set up optional hacking tools)
  2. Part II - Challenge hunting (gives an overview of the vulnerabilities found in the OWASP Juice Shop including hints how to find and exploit them in the application)
  3. Part III - Getting involved (shows up various ways to contribute to the OWASP Juice Shop open source project)

Primary focus points of this project could be:

  • Migrate the eBook from (legacy) GitBook format to either latest GitBook or another suitable format
  • Mandatory requirement is the ability to generate PDF/ePub/Mobi versions of the book for LeanPub and to be able to host it in HTML online-readable form

This project could additionally:

  • Add hints and solutions for currently undocumented challenges (marked with :wrench: **TODO**)
  • Extend the "Codebase 101" chapter with more details and examples for new contributors
  • Review, curate and extend the other existing content

OWASP-Securetea Tools Project

The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows). The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium. . -
This project would:
1. Review, curate and extend the other existing content of User Guide and Developer Guide
2.Help to translate into many languages as you can do
Example : Japanese Translate 3. As Content Writer we need your best ideas for improve The SecureTea Project Documentation.