Open-Source Unified Vulnerability Management, DevSecOps & ASPM

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

OWASP BLT - Bug Logging Tools

The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking

Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation

OWASP Foundation Web Respository

Public website cyclonedx.org

🧮 An online calculator to assess the risk of web vulnerabilities based on OWASP Risk Assessment

OWASP Zed Attack Proxy project landing page.

A living document for penetration testing and offensive security.

A simple web app that helps developers understand the ASVS requirements. Now supporting ASVS 5.0

Conviso Vulnerable Web Application is the OSS project from the Conviso Application Security for the community. The project represents a vulnerable web application to practice security testing and improve your learning in AppSec..

Data and schema powering the worlds largest collection of SBOM/xBOM products, projects, and services

OWASP Code Review Guide Web Repository

Integrates OWASP Zed Attack Proxy reports into SonarQube

OWASP Foundation Threat Dragon Project Web Repository

OWASP Project Developer Guide - Document and Project Web pages