Global Board Class of 2019

Projects for Good

We are a community of developers, technologists and evangelists improving the security of software. The OWAPS Foundation gives aspiring open source projects a platform to improve the security of software with:

  • Visibility: Our website gets more than six million visitors a year
  • Credibility: OWAPS is well known in the AppSec community
  • Resources: Funding and Project Summits are available for qualifying Programs
  • Community: Our Conferences and Local Chapters connect Projects with users

OWAPS Projects are a collection of related tasks that have a defined roadmap and team members. Our projects are open source and are built by our community of volunteers - people just like you! OWAPS project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. OWAPS currently has over 93 active projects, and new project applications are submitted every week.

Code, software, reference material, documentation, and community all working to secure the world's software.

Projects give members an opportunity to freely test theories and ideas with the professional advice and support of the OWAPS community. Every project has, at a minimum, its own webpage, mailing list, and Slack channel. Most projects maintain their content in our GitHub organization.

Who Should Start an OWAPS Project?

  • Application Developers
  • Software Architects
  • Information Security Authors
  • Those who would like the support of a worldwide professional community to develop or test an idea.

OWAPS Project Inventory (195)

All OWAPS tool, documentation, and code library projects are organized into the following categories:

Flagship Projects: The OWAPS Flagship designation is given to projects that have demonstrated strategic value to OWAPS and application security as a whole.
Lab Projects: OWAPS Labs projects represent projects that have produced an OWAPS reviewed deliverable of value.
Incubator Projects: OWAPS Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.

List of Projects by Level or Type

  • Flagship Projects
  • Lab Projects
  • Incubator Projects

Projects Needing Website Update

Flagship Projects

Projects that have demonstrated strategic value to OWAPS and application security as a whole

Tool Projects


An advanced open source tool to help information security professionals perform network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques!


More info soon…

OWAPS Defectdojo

The leading open source application vulnerability management tool built for DevOps and continuous security integration.

OWAPS Dependency-Check

Dependency-Check is a Software Composition Analysis (SCA) tool suite that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities.

OWAPS Dependency-Track

Intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.

OWAPS Juice Shop

Probably the most modern and sophisticated insecure web application for security trainings, awareness demos and CTFs. Also a great voluntary guinea pig for your security tools and DevSecOps pipelines!

OWAPS Maryam

OWAPS Maryam is a modular open source framework for Open-Source Intelligence (OSINT) and web-based footprinting, based on the Recon-ng core and written in Python. It is designed to provide a powerful environment to harvest data from open sources and search engines and to collect data quickly and thoroughly. If you have skill in Metasploit or Recon-ng, you can easily use it without prerequisites, and if not, it's easy to use.


Offensive Web Testing Framework (OWTF) is an OWAPS+PTES-focused effort to unite great tools and make pen testing more efficient, written mostly in Python.

OWAPS Security Shepherd

More info soon…


The OWAPS Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. Great for pentesters, devs, QA, and CI/CD integration.

Documentation Projects

OWAPS Application Security Verification Standard

More info soon…

OWAPS Cheat Sheet Series

The OWAPS Cheat Sheet Series project provides a set of concise good practice guides for application developers and defenders to follow.

OWAPS Mobile Security Testing Guide

More info soon…


More info soon…

OWAPS Security Qualitative Metrics

The OWAPS Security Qualitative Metrics is the most detailed list of metrics that evaluate the security level of web projects. It shows the level of coverage of OWAPS ASVS.


The OWAPS Top 10 is the reference standard for the most critical web application security risks. Adopting the OWAPS Top 10 is perhaps the most effective first step towards changing your software development culture into one focused on producing secure code.

OWAPS Web Security Testing Guide

The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

Code Projects

OWAPS ModSecurity Core Rule Set

More info soon…