OWASP

Login: OWASP

Email: owasp.foundation@owasp.org

Blog: http://www.owasp.org

Members

  1. Abhishek Das
  2. Adi
  3. Andrew van der Stock
  4. Björn Kimminich
  5. Chetan Karande
  6. Dan Cornell
  7. Dave Wichers
  8. EnDe
  9. Fabio Cerullo
  10. Gabriel Pedro
  11. Jeremy Long
  12. Jim Manico
  13. Kembolle Amilkar
  14. maldevel
  15. Mark Denihan
  16. minhaz
  17. Paolo Perego
  18. Rejah Rehim
  19. Rhodry Korb
  20. Seán
  21. Sebastien Deleersnyder
  22. Shivam Dixit
  23. Simon Bennetts

Repositories

A-D-Project
(no description)
Application-Security-Guide-For-CISOs-Project-v2
Among application security stakeholders, Chief Information Security Officers (CISOs) are responsible for application security from governance, compliance and risk perspectives. The Application Security Guide For CISOs seeks to help CISOs manage application security programs according to their own roles, responsibilities, perspectives and needs. Application security best practices and OWASP resources are referenced throughout the guide.
AppSec-Browser-Bundle
The OWASP AppSec Browser Bundle is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more.
AppSec-Designer-Rule-Sets-for-Threat-Countermeasures-and-Security-Functional-Requirements
The most overtly detailed security blueprint you will ever need. Develop rule sets for use by Neo4j, AppSec Designer (TM), and any other tool choosing to use them, to define threat countermeasures and their related security functional component requirements.
AppSecEurope2017
(no description)
AppSecEurope2018
The AppSec Europe 2018 website
AppSec-Israel-2017
(no description)
AppSec-Israel-2018
AppSec IL Conference 2018
appsec-template
Jekyll web site template for OWASP AppSec conference web sites
AppSecUSA2018
(no description)
AppSensor-Handbook
OWASP AppSensor Handbook
ASVS
Application Security Verification Standard
Benchmark
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually exploitable, it's a fair test for any kind of vulnerability detection tool. For more details on this project, please see the OWASP Benchmark Project home page.
BLT
OWASP BLT is a bug logging tool: report issues, earn points, and hold companies accountable.
CodeReviewGuide
Repository for OWASP Code Review document
Cuiaba
OWASP Cuiaba, Brazil. A brilliant idea to have the entire chapter and their projects in github! Go Brazil!
DevGuide
The OWASP Guide
dev-pages
Developer Focused OWASP Pages
DevSlop-Project
Modern applications often use APIs, microservices and containerization to deliver faster and better products and services. There has been a massive migration away from monolithic web applications to this new, highly scalable architecture. However, there are currently few training grounds for security testing in these areas. In comes DevSlop, OWASP's newest project, a collection of DevOps-driven applications, specifically designed to showcase security catastrophes and vulnerabilities for use in security testing, software testing, learning and teaching for both developers and security professionals.
DotNet_ANSA
.NET ASP.NET Security Analyser - Consolidation of multiple ASP.NET OWASP tools
EJSF
Development of security framework based on Owasp Esapi for JSF2.0
EnDe
Encoder, Decoder, Converter, Calculator, DO WHAT YOU WANT .. for various codings used in the wild wide web
german-owasp-day
German OWASP Day conference site & presentation archive
github-template
Templates recommended for GitHub repositories of OWASP projects
glue
Application Security Automation
Honeypot-Project
(no description)
HTML5SlideTemplates
HTML 5 slide templates for OWASP presentations (beta)
igoat
OWASP iGoat - A Learning Tool for iOS App Pentesting and Security by Swaroop Yermalkar
iGoat-Swift
OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
java-html-sanitizer
Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.
joomscan
OWASP Joomla Vulnerability Scanner Project
json-sanitizer
Given JSON-like content, the JSON Sanitizer converts it to valid JSON.
KBAPM
(no description)
lapse-plus
LAPSE+ is a security scanner, based on the white box analysis of code for detecting vulnerabilities in Java EE Applications.
Maturity-Models
Node application to help manage Maturity Models like the ones created by BSIMM and OpenSAMM
Maturity-Models-API
Repo to hold the API backend files for the Maturity-Models project
Maturity-Models-OWASP-ASVS
Repository is based on OWASP Application Security Verification Standard 3.1
Maturity-Models-OwaspSAMM
Repo for OwaspSAMM Maturity Model's data (imported as a submodule by the Maturity-Models project)
Maturity-Models-QA
Repo of QA files of BSIMM site (i.e. browser automation and performance tests)
Maturity-Models-UI
UI for the Maturity-Models project
MSTG-Hacking-Playground
(no description)
NINJA-PingU
(no description)
NodeGoat
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
off
OWASP Findings Format
opensammbenchmark
Documents and code relating to the OpenSAMM benchmarking efforts
open-swamp
SWAMP open source
O-Saft
O-Saft - OWASP SSL advanced forensic tool
owasp-avatao
OWASP created challenges to run on the OpenSource Avatao engine
OWASPBugBounty
This is a container of web applications that work with OWASP Bug Bounty for Projects
owasp-esapi-php
Automatically exported from code.google.com/p/owasp-esapi-php
owasp-esapi-ruby
OWASP ESAPI Ruby is a port of the OWASP ESAPI project to the Ruby programming language. The idea is to build a Ruby gem (the standard Ruby library archive format) containing the ESAPI concepts implemented in Ruby classes, so that people using Ruby in their Rails applications can build security into them.
OWASP-GoatDroid-Project
OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security. GoatDroid requires minimal dependencies and is ideal for both Android beginners as well as more advanced users. The project currently includes two applications: FourGoats, a location-based social network, and Herd Financial, a mobile banking application. There are also several features that greatly simplify usage within a training environment or for absolute beginners who want a good introduction to working with the Android platform. Download the built version here: https://github.com/jackMannino/OWASP-GoatDroid-Project/downloads
owasp-java-encoder
The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!
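The point of the Java Encoder is that the encoding must match the output context: HTML body, HTML attribute, JavaScript string and URL each need a different escaper. The following is an added example written for this page, not code from the OWASP Java Encoder repository; it assumes the library's `org.owasp.encoder.Encode` class is on the classpath (Maven coordinates `org.owasp.encoder:encoder`), and the untrusted input string is constructed here for illustration.

```java
// Added example (not part of the OWASP Java Encoder project).
// Dependency assumed: org.owasp.encoder:encoder on the classpath.
import org.owasp.encoder.Encode;

public class ContextualEncodingDemo {

    // Constructed untrusted input: tries to break out of an HTML element,
    // a quoted attribute and a JavaScript string literal at the same time.
    static final String UNTRUSTED = "<script>alert('x')</script>\"; alert(1); //";

    // HTML element body: angle brackets, ampersand and quotes are escaped,
    // so the payload is rendered as text instead of parsed as markup.
    static String asHtmlBody(String input) {
        return "<p>" + Encode.forHtml(input) + "</p>";
    }

    // Quoted HTML attribute value: the quote character is escaped so the
    // payload cannot close the attribute and add an event handler.
    static String asHtmlAttribute(String input) {
        return "<input type=\"text\" value=\"" + Encode.forHtmlAttribute(input) + "\">";
    }

    // JavaScript string literal inside an inline <script> block: HTML
    // encoding alone is NOT enough here, because the HTML parser does not
    // decode entities inside <script>; the JavaScript-specific encoder
    // escapes the quotes and other characters that would end the literal.
    static String asJavaScriptString(String input) {
        return "<script>var name = '" + Encode.forJavaScript(input) + "';</script>";
    }

    // URL query parameter: percent-encoding keeps the value from injecting
    // extra parameters, path segments or a different scheme.
    static String asQueryParam(String input) {
        return "/search?q=" + Encode.forUriComponent(input);
    }

    public static void main(String[] args) {
        System.out.println(asHtmlBody(UNTRUSTED));
        System.out.println(asHtmlAttribute(UNTRUSTED));
        System.out.println(asJavaScriptString(UNTRUSTED));
        System.out.println(asQueryParam(UNTRUSTED));
    }
}
```

Compile and run it with the encoder jar on the classpath and compare the four outputs: the same input is escaped differently in each context, which is why a single "escape HTML" call applied everywhere still leaves the JavaScript and URL contexts exploitable.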
owasp-java-validator
(no description)
OWASP-Learning-Gateway
OWASP Learning Gateway Project will be a collaborative learning platform to support OWASP Mentors Initiatives. We are currently designing the platform and planning development.
owasp-masvs
The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.
owasp-mstg
The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering.
owasp-norway-day-2018
OWASP Norway Day 2018
owasp-orizon
The OWASP Orizon Project is an open source tool to perform static analysis over a source codebase. It is focused on security and it supports multiple programming languages.
OWASP-Project-Metrics
OWASP Project Metrics
OWASP-Proxy
Owasp Proxy
owasp-summit-2017
Content for OWASP Summit 2017 site
owasp-summit-2017-Outcomes
owasp summit 2017 Outcomes
owasp-summit-2017-site
Site pages for the owasp-summit-2017
OWASP-Testing-Guide
OWASP Testing Guide
OWASP-Testing-Guide-v5
(no description)
OWASP-Top-10
OWASP Top Ten
OWASP-VWAD
The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
OWASPWebGoatPHP
(no description)
OWASP-WebScarab
OWASP WebScarab
Owbot
This is the OWASP Hubot (called OwBot)
passfault
OWASP Passfault evaluates passwords and enforces password policy in a completely different way.
passfault-docker
Docker image base for OWASP passfault
passfault-docker-template
This is a template for customizing a passfault image with your own wordlists
PHP-ESAPI
Migrated from code.google.com to a more active public repository.
phpsec
OWASP PHP Security Project - THIS PROJECT IS INACTIVE AND MAY CONTAIN SECURITY FLAWS
ProjectReviews
OWASP Project Reviews
PureCaptcha
OWASP PureCaptcha project
QRLJacking
QRLJacking (Quick Response Code Login Jacking) is a simple but nasty attack vector affecting all applications that rely on a "Login with QR code" feature as a secure way to log in to accounts; the attacker's aim is to hijack the user's session.
Quick-Start-Guide
Repo for the OWASP Quick Start Guide
railsgoat
A deliberately vulnerable Rails application that follows the OWASP Top 10
rbac
PHP-RBAC is an authorization library for PHP. It provides developers with NIST Level 2 Standard Role Based Access Control and more, in the fastest implementation yet.
RiskRatingManagement
The Risk Rating Management Project lets a website owner or developer assess their websites using a risk rating methodology. Even with many websites to assess, the project can handle them and record each risk score in a database, so the owner can assess and manage their websites at any time. The methodology can also be applied in other contexts, for example a penetration testing project or a security assessment.
RoR-and-Friends-Security-Guide
Owasp Ruby on Rails and Friends Security Guide
SafeNuGet
MsBuild task to warn about insecure NuGet libraries
samm
(no description)
SAMM-TOOL
(no description)
SecureTea-Project
The purpose of this application is to warn the user (on Twitter) whenever her laptop is accessed. This small application was developed and tested in Python on a Linux machine and is likely to work on a Raspberry Pi as well.
SecurityShepherd
Web and mobile application security training platform
sonarqube
OWASP SonarQube Project
SSVL
Simple Software Vulnerability Language (SSVL)
Threat-Modeling-Cheat-Sheets
(no description)
Threat-Modeling-Lightweight-Process
(no description)
Threat-Modeling-Templates
(no description)
Threat-Modeling-Tools
(no description)
Threat-Model-Project
To be the source of all information threat model related including but not limited to cheat sheets, examples, new techniques and processes
threat-model-samples
Repo to hold threat models samples and templates
Top10
Official OWASP Top 10 Document Repository
Top-5-Machine-Learning-Risks
The OWASP Top 5 Machine Learning Risks. The idea is to build the resources that help the software security community understand the emerging technology of machine learning and how it relates to security, warn them about the risks associated with using ML, and discuss defensive techniques. Description: Machine Learning has recently re-emerged as a powerful tool in multiple business sectors, especially when it is used for predictive analytics at the scale of Big Data. This technique becomes vital when it is harnessed for security services and applications like fraud detection, anomaly detection and behavioral analysis.
url-classifier
Declarative syntax for defining sets of URLs. No need for error-prone regexs.
user-security-stories
Repo to hold mapping of user-security-stories
Vicnum-BasicCTF
A rather basic (intentionally) vulnerable Web application written in PHP, part of the OWASP Vicnum Project
VirtualVillage
OWASP Virtual Village will provide users with access to numerous operating systems, desktops as well as servers. Users will be able to create custom apps for other OWASP projects; they will also be able to request test environments, honeypots, etc.
Vulnerability-Reporting-Project
(no description)
WebGoat
This is a defunct code base. The project is located at: https://github.com/WebGoat
WebGoat.NET
OWASP WebGoat.NET
WebSpa
A Java web knocking tool for sending a single HTTP/S request to your web server in order to authorise the execution of a premeditated Operating System (O/S) command.
WIA
Women in AppSec Repository
