Repositories

OWASP repositories

35 supported repositories

Application Security Verification Standard

Last commit Oct 17, 2023

 (2,324 stars) (586 forks) (0 indexed issues) (0 open good first issues)

Last commit Jan 22, 2020

 (4 stars) (2 forks) (0 indexed issues) (0 open good first issues)

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Last commit Apr 6, 2024

 (26,342 stars) (3,703 forks) (0 indexed issues) (0 open good first issues)

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Last commit May 8, 2023

 (2,338 stars) (630 forks) (1 indexed issue) (1 open good first issue)

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

Last commit Jan 17, 2024

 (1,794 stars) (1,526 forks) (3 indexed issues) (3 open good first issues)

QRLJacking, or Quick Response Code Login Jacking, is a simple-but-nasty attack vector affecting all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts. Its aim is for attackers to hijack users' sessions.

Last commit Aug 7, 2025

 (1,542 stars) (653 forks) (1 indexed issue) (1 open good first issue)

Last commit Nov 28, 2018

 (0 stars) (0 forks) (0 indexed issues) (0 open good first issues)

Last commit Sep 12, 2022

 (6 stars) (6 forks) (0 indexed issues) (0 open good first issues)

Last commit Jul 30, 2022

 (6 stars) (5 forks) (0 indexed issues) (0 open good first issues)

Official OWASP Top 10 Document Repository

Last commit Nov 10, 2023

 (3,906 stars) (800 forks) (0 indexed issues) (0 open good first issues)

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

Last commit Apr 30, 2026

 (32 stars) (11 forks) (0 indexed issues) (0 open good first issues)

OWASP/cwe-tool (JavaScript)

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.

Last commit Apr 30, 2026

 (63 stars) (23 forks) (0 indexed issues) (0 open good first issues)

Kubernetes Security Testing Guide

Last commit Jun 24, 2020

 (26 stars) (5 forks) (0 indexed issues) (0 open good first issues)

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.

Last commit Dec 18, 2025

 (12,605 stars) (2,597 forks) (0 indexed issues) (0 open good first issues)

Last commit Jun 30, 2020

 (35 stars) (20 forks) (0 indexed issues) (0 open good first issues)

The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!

Last commit Nov 17, 2025

 (536 stars) (123 forks) (0 indexed issues) (0 open good first issues)

A documentation and tracking project with the goal of making package management systems more secure.

Last commit Mar 5, 2021

 (52 stars) (12 forks) (0 indexed issues) (0 open good first issues)

A vulnerable version of Rails that follows the OWASP Top 10

Last commit Aug 19, 2023

 (836 stars) (584 forks) (0 indexed issues) (0 open good first issues)

Vulnerable app with examples showing how to not use secrets

Last commit May 19, 2026

 (1,442 stars) (568 forks) (0 indexed issues) (0 open good first issues)

Run Capture the Flags and Security Trainings with OWASP WrongSecrets

Last commit May 19, 2026

 (55 stars) (20 forks) (0 indexed issues) (0 open good first issues)