Template:FlagshipProjects

Flagship Projects Projects that have demonstrated strategic value to OWASP and application security as a whole  Tool Projects OWASP Zed Attack Proxy (ZAP) Automatically finds security vulnerabilities in your web applications while you are developing and testing your applications OWASP Web Testing Environment (WTE) A collection of easy-to-use application security tools and documentation available in multiple formats OWASP OWTF Pentesting tool to more efficiently find, verify and combine vulnerabilities in short timeframes OWASP Dependency Check A utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities OWASP Security Shephard A web and mobile application security training platform to foster and improve security awareness among a varied skill-set demographic OWASP DefectDojo An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools OWASP Juice Shop An intentionally insecure webapp for security trainings written entirely in JavaScript which encompasses the entire OWASP Top Ten and other severe security flaws OWASP Security Knowledge Framework A tool that is used as a guide for building and verifying secure software that can also be used to train developers about application security OWASP Dependency Track A Software Composition Analysis (SCA) platform that keeps track of all third-party components used in all the applications an organization creates or consumes. It monitors all applications in its portfolio in order to proactively identify vulnerabilities in components that are placing your applications at risk  Code Projects OWASP ModSecurity Core Rule Set (CRS) A set of generic attack detection rules for use with ModSecurity or compatible web application firewalls which aims to protect web applications from a wide range of attacks OWASP CSRFGuard A library that implements a variant of the synchronizer token pattern to mitigate the risk of Cross-Site Request Forgery (CSRF) attacks  Documentation Projects OWASP Application Security Verification Standard Provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development OWASP AppSensor A conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into applications OWASP Software Assurance Maturity Model (SAMM) An open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization OWASP Top Ten A powerful awareness document for web application security that represents a broad consensus about the most critical security risks to web applications OWASP Testing Guide Includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues OWASP Cheat Sheet Series The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. These cheat sheets were created by various application security professionals who have expertise in specific topics. OWASP Mobile Security Testing Guide A security standard for mobile apps and a comprehensive testing guide that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results.