Projects

owasp-esapi-java

OWASP ESAPI for Java: Strong, Simple Security Controls for Java Developers Don’t write your own security controls! Reinventing the wheel when it comes to developing security controls for every web application or web service leads to wasted time and massive security holes. The OWASP Enterprise ... [More] Security API (ESAPI) Toolkits help software developers guard against security‐related design and implementation flaws. For more information, please visit our Wiki. You can view the latest version of our Javadocs here. You can see the status of what we are working on for the next release here. Other language versions: PHP .NET Python Classic ASP Cold Fusion Haskell [Less]

OWASP Zed Attack Proxy

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to ... [More] penetration testing as well as being a useful addition to an experienced pen testers toolbox. [Less]

orizon

Orizon is a framework intended to provide tools and facilities to test java sources for security flaws. The main goal is to detect common threats as described in Owasp top 10 vulnerability document.

o2platform

The OWASP O2 Platform is an OWASP Project which is a collection of Open Source modules that help Web Application Security Professionals to maximize their efforts and quickly obtain high visibility into an application's security profile. The objective is to 'Automate Application Security ... [More] Knowledge and Workflows" The main O2 website is hosted at the OWASP WIKI: http://www.owasp.org/index.php/OWASP_O2_Platform [Less]

zaproxy-test

Test code for the OWASP Zed Attack Proxy

zap-extensions

OWASP ZAP Extensions

NSIA

NSIA (Network System Integrity Analysis) is a web application monitoring system that scans web applications for potentially unwanted context such as defacements, unauthorized changes, errors, information leaks, profanity, compliance issues, etc. Features: * Attractive, simple user interface * ... [More] Easy to install (just drag and drop into a directory) * Customizable definitions/signatures * Automatic website content discovery * Automatic content baselining and self-tuning [Less]

owasp-esapi-php

OWASP ESAPI for PHP: Strong, Simple Security Controls for PHP Developers Don’t write your own security controls! Reinventing the wheel when it comes to developing security controls for every web application or web service leads to wasted time and massive security holes. The OWASP Enterprise ... [More] Security API (ESAPI) Toolkits help software developers guard against security‐related design and implementation flaws. You can find Subversion checkout information here. You can find current assignments here. You can find technical guidance for ongoing work here. Questions/Suggestions? Ask Mike. Other language versions: Java EE .NET Python Classic ASP Cold Fusion Haskell [Less]

Owasp-owtf

OWASP OWTF, the Offensive (Web) Testing Framework, is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient, written mostly in Python

owasp-net-content

Central location for documentation and code projects for OWASP .NET