The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

A small collection of vulnerable code snippets

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submissio…

Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.

secureCodeBox (SCB) - continuous secure delivery out of the box

OWASP Foundation Web Respository

A generic skeleton project for quickly getting a new cisagov project started.

GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment

OSS-Fuzz - continuous fuzzing for open source software.

The Python Risk Identification Tool for generative AI (PyRIT) is an open source framework built to empower security professionals and engineers to proactively identify risks in generative AI systems.

Scans Software Bill of Materials (SBOMs) for security vulnerabilities

Enrich SBOMs with data from third party services

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

Rack middleware for blocking & throttling

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀