There are 75 repositories under owasp topic.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
A collection of hacking / penetration testing resources to make you better!
In-depth attack surface mapping and asset discovery
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
A curated list of resources for learning about application security
A list of web application security
Next generation web scanner
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
DevSecOps, ASPM, Vulnerability Management. All on one platform.
bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
Awesome Node.js Security resources
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Automated Security Testing For REST API's
😎 🔗 Awesome list about all kinds of resources for learning Ethical Hacking and Penetration Testing.
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
Full-stack .Net 8 Clean Architecture (Microservices, Modular Monolith, Monolith), Blazor, Angular 18, React 18, Vue 3, BFF with YARP, Domain-Driven Design, CQRS, SOLID, Asp.Net Core Identity Custom Storage, OpenID Connect, Entity Framework Core, OpenTelemetry, SignalR, Hosted Services, Health Checks, Rate Limiting, Cloud Services (Azure, AWS, GCP).
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
OWASP Web Application Security Testing Checklist
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
Vulnerable app with examples showing how to not use secrets
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +57 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDFS-500, DORA, NIST AI RMF, 800-53, 800-171, CyFun, CJIS, AirCyber, NCSC, ECC, SCF and so much more