OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security enthusiasts.

CycloneDX SBOM Model and Utils for Creating and Validating BOMs

Risk Management for Information Security

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962

CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +37 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDFS-500, DORA, NIST AI RMF, 800-53, 800-171, CyFun, CJIS, AirCyber and so much more

A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.

A demo repository of simple OWASP Top 10 type of vulnerabilities in (mostly) Python. Includes an exploration of GHAS features.

Non-official write up for the Juice-Shop CTF

secureCodeBox (SCB) - continuous secure delivery out of the box

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Core functionality of OWASP CycloneDX for JavaScript (Node.js or WebBrowser) written in TypeScript.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Integrates Dependency-Check reports into SonarQube

DevSecOps, ASPM, Vulnerability Management. All on one platform.

Helm charts maintained and used by the MMS Technology team.

OWASP CRS (Official Repository)

Enterprise ready REST API microservice in golang

End to End testing of Web, API, Cloud, Events and Security

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

The OWASP Secure Headers Project