Owasp

38 projects

Showing 36 of 38 projects

ZapJava

A free, open-source web application security scanner for finding vulnerabilities during development and testing.

#hacktoberfest#owasp#web-security

Stars15.2k

Forks2.6k

Last commit4 days ago

AmassGo

Performs in-depth attack surface mapping and external asset discovery using open source intelligence and active reconnaissance.

#asset-discovery#enumeration#osint-reconnaissance

Stars14.7k

Forks2.1k

Last commit1 month ago

AmassGo

Performs in-depth attack surface mapping and external asset discovery using open source intelligence and active reconnaissance.

#asset-discovery#enumeration#osint-reconnaissance

Stars14.7k

Forks2.1k

Last commit1 month ago

OWASP Mobile Security Testing GuidePython

A comprehensive manual for mobile app security testing and reverse engineering, aligned with OWASP MASVS and MASWE.

#ios-app#runtime-analysis#mobile-security

A curated list of books, articles, websites, and tools for learning application security across multiple programming languages.

#secure-coding#security-experts#owasp

Stars6.9k

Forks795

Last commit1 year ago

Application SecurityPHP

A curated list of books, articles, websites, and tools for learning application security across multiple programming languages.

#secure-coding#security-experts#owasp

Stars6.9k

Forks795

Last commit1 year ago

Awesome Web Hacking

A curated list of resources for learning and practicing web application security, including tools, books, courses, and vulnerable labs.

#hacking-tools#vulnerability-assessment#vulnerabilities

Stars6.9k

Forks1.3k

Last commit8 days ago

WhatWebRuby

A next-generation web scanner that identifies websites and their technologies using over 1800 plugins with configurable aggression levels.

#penetration-test#owasp#kali-linux

Stars6.6k

Forks992

Last commit2 months ago

CommixPython

An automated penetration testing tool that detects and exploits command injection vulnerabilities in web applications.

#open-source#owasp#web-security

Stars5.8k

Forks932

Last commit2 days ago

Awesome Security Talks & Videos

A curated collection of security conference talks and videos from events like DEF CON, Black Hat, and BSides.

#security-talks#owasp#video-library

Stars4.2k

Forks492

Last commit3 months ago

retire.jsJavaScript

A scanner that detects JavaScript libraries with known vulnerabilities and can generate a Software Bill of Materials (SBOM).

#sbom#vulnerabilities#owasp

A fast, configurable HTML sanitizer for Go that scrubs user-generated content of XSS attacks using an allowlist policy.

#sanitization#owasp#web-security

Stars3.7k

Forks193

Last commit1 year ago

CorazaGo

An open-source, enterprise-grade Web Application Firewall library written in Go, compatible with ModSecurity SecLang rulesets.

#reverse-proxy#waf#owasp

Stars3.5k

Forks322

Last commit23 hours ago

AstraPython

An automated security testing framework for REST APIs that detects vulnerabilities like SQL injection, XSS, and CSRF.

#owasp#web-security#sdlc

Stars2.6k

Forks413

Last commit2 years ago

Find Security BugsJava

A SpotBugs plugin for detecting security vulnerabilities in Java web and Android applications.

#taint-analysis#owasp#spotbugs-plugin

Stars2.4k

Forks481

Last commit2 months ago

OWASP MASVSPython

The OWASP Mobile Application Security Verification Standard (MASVS) is the industry standard for mobile app security.

#app-security#mobile-security#standard

Stars2.4k

Forks685

Last commit5 months ago

Zen Rails Security ChecklistRuby

A community-driven checklist of security precautions for Ruby on Rails applications to minimize vulnerabilities.

#secure-coding#rails#owasp

Stars1.8k

Forks145

Last commit6 years ago

Awesome Threat ModellingDockerfile

A curated list of threat modeling resources including books, courses, videos, tools, tutorials, and examples for learning and practicing threat modeling.

#owasp#awesome-list#risk-assessment

An OWASP training app with 62 challenges demonstrating real-world secrets management mistakes and how to find them.

#security-training#vulnerable-app#owasp

Stars1.4k

Forks568

Last commit6 days ago

OWASP NoirCrystal

An AI-powered tool that analyzes source code to discover every endpoint, exposing shadow APIs and mapping the complete attack surface for security testing.

#shadow api#hacktoberfest#endpoints

An advanced Cross-Site Request Forgery (CSRF) audit and exploitation toolkit for security testing.

#python-tool#csrf-attacks#owasp

A security scanner that analyzes agentic AI workflows for vulnerabilities, visualizes their structure, and hardens system prompts.

#agentic-workflow#ai#agentic-ai

Stars976

Forks131

Last commit6 months ago

Security Code ScanC#

A static code analyzer that detects security vulnerabilities in C# and VB.NET applications.

#owasp#analyzer#csharp

Stars974

Forks160

Last commit1 year ago

SecurityHeadersC#

A small ASP.NET Core middleware package for adding and customizing security headers to protect websites.

#csp#hacktoberfest#owasp

Stars839

Forks87

Last commit28 days ago

AntiXSSPHP

A PHP library that sanitizes user input to prevent Cross-Site Scripting (XSS) attacks.

#data-cleaning#hacktoberfest#php-security

Stars709

Forks117

Last commit11 days ago

MARAPython

A comprehensive mobile application reverse engineering and analysis framework for security testing against OWASP mobile threats.

#mobile-security#owasp#apk-analysis

Stars668

Forks177

Last commit6 years ago

owasp-threat-dragon-desktopCSS

A free, open-source, cross-platform desktop application for threat modeling with system diagramming and automated threat generation.

#desktop-application#automated-threats#owasp

A static application security testing (SAST) CLI tool that scans source code for OWASP Top 10 vulnerabilities across multiple programming languages.

#multi-language#owasp#ios-security

Stars552

Forks80

Last commit4 years ago

NWebsecC#

Security libraries for ASP.NET applications that help implement HTTP security headers and other web security best practices.

#owasp#web-security#asp-net-core

Stars548

Forks74

Last commit3 years ago

Strong node.jsJavaScript

An exhaustive security checklist for Node.js web services, focused on Express and Hapi frameworks.

#secure-coding#vulnerability-assessment#owasp

Stars507

Forks28

Last commit2 years ago

Python-HoneypotPython

An open-source Python framework for creating honeypots and honeynets to detect and analyze cyber attacks.

#honeypot#owasp#informationsecurity

Stars480

Forks149

Last commit1 year ago

Juice Shop CTFTypeScript

A CLI tool to export OWASP Juice Shop security challenges into CTFd, RootTheBox, or FBCTF compatible formats.

#security-training#owasp#web-security

Stars473

Forks137

Last commit1 month ago

OwaspHeadersC#

An ASP.NET Core middleware that injects OWASP-recommended HTTP security headers with a single line of code.

#nuget#owasp#web-security

Stars311

Forks40

Last commit11 days ago

aws-firewall-factoryTypeScript

An AWS CDK construct to deploy, update, and stage Web Application Firewalls (WAFs) with central governance via AWS Firewall Manager.

#waf#cdk#devops

Stars256

Forks26

Last commit6 months ago

Flask-BootstrapJavaScript

A Flask app template with integrated SQLAlchemy, authentication, and Bootstrap frontend for building secure web applications.

#owasp#authentication#flask

Stars211

Forks50

Last commit3 years ago

IoTGoatC

A deliberately insecure OpenWrt-based firmware designed to teach IoT security testing through hands-on vulnerability challenges.

#security-training#owasp#hands-on-learning

Stars185

Forks38

Last commit6 years ago

Page 1 of 2Next

Related Tags

Community-curated · Updated weekly · 100% open source

Found a gem we're missing?

Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.

Submit a project Star on GitHub