Repositories list

• cornucopia

  Public

  OWASP/cornucopia’s past year of commit activity
  The source files and tools needed to build the OWASP Cornucopia decks in various languages

  cardgamegamescard-games+ 6owaspgamificationgameserverthreat-modelingappsecrequirements-analysis

  Python

  •

  Creative Commons Attribution Share Alike 4.0 International

  •75•115•55•34•Updated Mar 3, 2026Mar 3, 2026

• CheatSheetSeries

  Public
  The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

  securitycodebest-practices+ 4owaspapplication-securityappseccheatsheets

  Python

  •

  Creative Commons Attribution Share Alike 4.0 International

  •4.4k•31k•51•14•Updated Mar 3, 2026Mar 3, 2026

• Nest

  Public

  OWASP/Nest’s past year of commit activity
  Your gateway to OWASP. Discover, engage, and help shape the future!

  reactpythongraphql+ 10djangotypescriptrestnextjsgsoctailwindcsstypescript-react+ 3

  Python

  •

  MIT License

  •555•394•258•78•Updated Mar 3, 2026Mar 3, 2026

• owasp.github.io

  Public
  OWASP Foundation main site repository

  HTML

  •

  Creative Commons Attribution Share Alike 4.0 International

  •311•633•2•1•Updated Mar 3, 2026Mar 3, 2026

• AISVS

  Public
  Creative Commons Attribution Share Alike 4.0 International

  •31•56•4•0•Updated Mar 3, 2026Mar 3, 2026

• Nettacker

  Public
  Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

  pythonsecurityautomation+ 17scannerbruteforceowasppenetration-testingpentestingreconcve+ 10

  Python

  •

  Apache License 2.0

  •1k•4.9k•50•85•Updated Mar 3, 2026Mar 3, 2026

• nest-schema

  Public

  OWASP/nest-schema’s past year of commit activity
  OWASP Schema

  pythonschemajson-schema+ 4owaspmkdocsyaml-schemaowasp-nest

  Python

  •

  MIT License

  •10•6•364•0•Updated Mar 3, 2026Mar 3, 2026

• wstg

  Public

  OWASP/wstg’s past year of commit activity
  The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

  securityguidebest-practices+ 8hackingowasppenetration-testingapplication-securitypentestingbugbountyappsec+ 1

  Creative Commons Attribution Share Alike 4.0 International

  •1.6k•8.9k•45•8•Updated Mar 3, 2026Mar 3, 2026

• nest-sdk-typescript

  Public
  OWASP Nest API TypeScript SDK

  TypeScript

  •

  MIT License

  •3•1•0•1•Updated Mar 3, 2026Mar 3, 2026

• nest-sdk-python

  Public

  OWASP/nest-sdk-python’s past year of commit activity
  OWASP Nest API Python SDK

  Python

  •

  MIT License

  •3•2•0•1•Updated Mar 3, 2026Mar 3, 2026

• www-chapter-new-york-city

  Public
  OWASP Foundation Web Respository

  HTML

  •6•2•0•2•Updated Mar 3, 2026Mar 3, 2026

• nest-sdk

  Public

  OWASP/nest-sdk’s past year of commit activity
  OWASP Nest API Go SDK

  Go

  •

  MIT License

  •3•0•0•1•Updated Mar 3, 2026Mar 3, 2026

• www-project-hactu8

  Public
  OWASP Foundation web repository

  HTML

  •

  Other

  •2•0•28•0•Updated Mar 2, 2026Mar 2, 2026

• wrongsecrets-ctf-party

  Public
  Run Capture the Flags and Security Trainings with OWASP WrongSecrets

  gitdockerkubernetes+ 6awssecurityctftraining-materialsctfdhacktoberfest

  JavaScript

  •

  Apache License 2.0

  •172•55•7•20•Updated Mar 2, 2026Mar 2, 2026

• basconf

  Public
  Boston Application Security Conference

  HTML

  •1•2•0•1•Updated Mar 2, 2026Mar 2, 2026

• www-chapter-jis-university-student-chapter

  Public
  OWASP Foundation web repository

  HTML

  •1•4•0•0•Updated Mar 2, 2026Mar 2, 2026

• www-project-ai-security-and-privacy-guide

  Public

  OWASP/www-project-ai-security-and-privacy-guide’s past year of commit activity
  OWASP Foundation Web Respository

  HTML

  •93•356•11•4•Updated Mar 2, 2026Mar 2, 2026

• ASVS

  Public
  Application Security Verification Standard

  HTML

  •

  Creative Commons Attribution Share Alike 4.0 International

  •799•3.4k•86•6•Updated Mar 2, 2026Mar 2, 2026

• www-project-secure-headers

  Public
  The OWASP Secure Headers Project

  httpsecurityweb+ 4owaspsecureheadersappsec

  Python

  •

  Apache License 2.0

  •45•186•1•1•Updated Mar 2, 2026Mar 2, 2026

• www-project-vulnerable-web-applications-directory

  Public

  OWASP/www-project-vulnerable-web-applications-directory’s past year of commit activity
  The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currentl…

  owaspappsecwebappsec+ 3vulnerable-web-appvulnerable-web-applicationvulnerable-applications

  JavaScript

  •

  Creative Commons Attribution Share Alike 4.0 International

  •45•81•1•0•Updated Mar 2, 2026Mar 2, 2026

• OpenCRE

  Public
  securitysecurity-auditstandards

  Python

  •

  Creative Commons Zero v1.0 Universal

  •88•144•77•39•Updated Mar 2, 2026Mar 2, 2026

• www-chapter-innsbruck

  Public
  OWASP Foundation web repository

  HTML

  •1•0•0•2•Updated Mar 2, 2026Mar 2, 2026

• mas-website

  Public
  The OWASP Mobile Application Security Project website is the central hub for industry-leading standards, guides, and resources—helping developers and security p…

  TypeScript

  •

  Creative Commons Attribution Share Alike 4.0 International

  •7•6•4•5•Updated Mar 2, 2026Mar 2, 2026

• crAPI

  Public

  OWASP/crAPI’s past year of commit activity
  completely ridiculous API (crAPI)

  apiowasphacktoberfest+ 1apisecurity

  Java

  •

  Apache License 2.0

  •528•1.4k•28•21•Updated Mar 2, 2026Mar 2, 2026

• wrongsecrets

  Public
  Vulnerable app with examples showing how to not use secrets

  javadockerkubernetes+ 16awssecurityvaultazuregcpsecretsowasp+ 9

  Java

  •

  GNU Affero General Public License v3.0

  •531•1.4k•27•10•Updated Mar 2, 2026Mar 2, 2026

• OWASP-VWAD

  Public

  OWASP/OWASP-VWAD’s past year of commit activity
  :warning: This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory

  owaspvulnerableappsec+ 2vulnerable-web-appvulnerable-web-application

  Apache License 2.0

  •219•884•0•0•Updated Mar 2, 2026Mar 2, 2026

• mastg

  Public
  The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes tech…

  androidiosstatic-analysis+ 16reverse-engineeringhackingmobile-appandroid-applicationios-appdynamic-analysispentesting+ 9

  Python

  •

  Creative Commons Attribution Share Alike 4.0 International

  •2.7k•13k•191•58•Updated Mar 2, 2026Mar 2, 2026

• threat-dragon

  Public
  An open source threat modeling tool from OWASP

  owaspthreat-modelingsdlc+ 2threat-dragonowasp-threat-dragon

  JavaScript

  •

  Apache License 2.0

  •349•1.3k•78•3•Updated Mar 2, 2026Mar 2, 2026

• www-project-proactive-controls

  Public

  OWASP/www-project-proactive-controls’s past year of commit activity
  OWASP Foundation Web Respository

  Shell

  •

  Creative Commons Attribution Share Alike 4.0 International

  •76•165•6•2•Updated Mar 2, 2026Mar 2, 2026

• DevGuide

  Public
  The OWASP Developer Guide

  owaspowasp-developer-guide

  Creative Commons Attribution Share Alike 4.0 International

  •403•2.1k•9•1•Updated Mar 1, 2026Mar 1, 2026