OWASP Project Inventory
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

View only
IDProposed Project StatusProject NameProject TypeProject LicenseOWASP Mailman Mailing ListProject Wiki PageProject Leader(s) (if exists)Project Leader Email(s) (if exists)Project Description (if available)Contains QuotesNotesProject Short NameProject Short Name LengthSummary
87IOPACodeAffero GNU Public Licenseowasp-opa-projecthttps://www.owasp.org/index.php/OpaHenri Binsztok,
Adam Koprowski
Henri.Binsztok@mlstate.com, Adam.Koprowski@mlstate.comUsher in a new generation of web development tools and methodologies.opa3A language for writing distributed web applications
14AOWASP Google Hacking ProjectToolApache License V2.0owasp-google-hackinghttps://www.owasp.org/index.php/Category:OWASP_Google_Hacking_ProjectChristian Heinrichchristian.heinrich@owasp.org"Download Indexed Cache" is a Proof of Concept (PoC) which implements the Google SOAP Search API to retrieve content indexed within the Google Cache and supports the "Search Engine Reconnaissance" section of the OWASP Testing Guide v3.google-hacking14A Perl script that invokes Google's deprecated SOAP Search API
15AOWASP Insecure Web App ProjectToolApache License V2.0NONEhttps://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_ProjectORPHANInsecureWebApp is a web application that includes common web application vulnerabilities.insecure-webapp15A web application that includes common web application vulnerabilities
54FOWASP ModSecurity Core Rule Set ProjectCodeApache License V2.0owasp-modsecurity-core-rule-sethttps://www.owasp.org/index.php/Projects/OWASP_ModSecurity_Core_Rule_Set_ProjectRyan BarnettRyan.Barnett@owasp.orgModSecurity is an Apache web server module that provides a web application firewall engine. The ModSecurity Rules Language engine is extrememly flexible and robust and has been referred to as the "Swiss Army Knife of web application firewalls." While this is certainly true, it doesn't do much implicitly on its own and requires rules to tell it what to do. In order to enable users to take full advantage of ModSecurity out of the box, we have developed the Core Rule Set (CRS) which provides critical protections against attacks across most every web architecture.modsec-crs10A project to document and develop the ModSecurity Core Rule Set
61FOWASP Zed Attack ProxyToolApache License V2.0NONEhttps://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_ProjectPsiinonpsiinon@gmail.comThis project provides an easy to use integrated penetration testing tool for testing web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who a new to penetration testing. zap3An easy to use integrated proxy tool for testing web applications
130LOWASP Hackademic Challenges ProjectToolApache License V2.0owasp-hackademic-challengeshttps://www.owasp.org/index.php/OWASP_Hackademic_Challenges_ProjectAnastasios Stasinopoulos, Konstantinos Papapanagiotouanast@owasp.gr, konstantinos@owasp.orgThe Hackademic Challenges is an open source project that can be used to test and improve one's knowledge of web application security.hackademic10An learning tool to exploit vulnerabilities in a realistic application
141LOWASP O2 PlatformToolApache License V2.0owasp-o2-platformhttps://www.owasp.org/index.php/OWASP_O2_PlatformDinis Cruzdinis.cruz@owasp.orgCollection of Open Source modules that help Web Application Security Professionals to maximize their efforts and quickly obtain high visibility into an application's security profile.o2-platform11A framework to automate testing through creation of scripted workflows
216IOWASP Data Exchange Format ProjectDocumentApache License V2.0owasp-data-exchange-formathttps://www.owasp.org/index.php/OWASP_Data_Exchange_Format_ProjectPsiinon, Dinis Cruzpsiinon@gmail.com, dinis.cruz@owasp.org To define an open format for exchanging data between pentest tools.data-exchange13An open format for exchanging data between pentest tools
219IOWASP SIMBA ProjectToolApache License V2.0owasp-simba-projecthttps://www.owasp.org/index.php/OWASP_SIMBA_ProjectKoen Vanderloockkoen.vanderloock@owasp.orgThis a User Access Management system that can be integrated with any business application.simba5A user access management system for business applications
220IOWASP VFW ProjectToolApache License V2.0owasp-vfw-projecthttps://www.owasp.org/index.php/OWASP_VFW_ProjectEduardo S. Scarpelliniscarpellini@gmail.comThe purpose of this project is to mitigate web applications threats using Varnish which is a modern, very flexible and scalable reverse-proxy system which supports VCL, a wonderful domain-specific language to deal with HTTP vfw3A web application firewall that supports VCL
226IOWASP File Hash ReposotoryToolApache License V2.0https://www.owasp.org/index.php/OWASP_File_Hash_RepositoryLucas C. Ferreiralucas.ferreira@owasp.orgThe goal of this project is to build a repository of hashes of executable and source files. This repository can then be queried by clients to determine the status os of files based on their hashes. Some statuses are GOOD, MALWARE, SOURCE CHECKED, etc. This repository can consolidate several available sources (NIST, MHR, VirusTotal, etc) and provide better query capabilities.file-hash9A repository of file hashes to recognize known malware
223MOWASP ESAPI Perl ProjectToolArtistic License 2.0owasp-esapi-perlhttps://www.owasp.org/index.php/OWASP_ESAPI_Perl_ProjectSterling Hanenkampsterling@hanenkamp.comProvides a Perl implementation of the OWASP Enterprise Security API. Once the major components have been written, this will be released on CPAN0
236IOWASP Path TraverserTool ProjectAttribution-NonCommercial-NoDerivs 3.0 Unported (CC BY-NC-ND 3.0OWASP_Path_Traverserhttps://www.owasp.org/index.php/OWASP_Path_TraverserTal MelamedTal.Melamed@owasp.orgPath Traverser is a tool for security testing of web applications.
It simulates a real Path Traversal attack, only with actual existing files.

It operates as a middleman between the web application to its host server, which gives the abillity to test the actual files as found in the host server against the application, according to their relevant path.

After you have provided the relevant details, Path Traverser will connect (FTP) to your host server in order to pull out the list of files.
Then, it manipulates the list taken from the file system so it will fit the web application by changing their paths.

If your application could be found at: http://mysrvr:777/home
and the application files could be found in the file system under: myapps/demoapp/client/version/lastversion/, requests for files under: /myapps/demoapp/client/version/1.1/ will be created as: http://mysrvr:777/home/../1.1/ and requests for files under/myapp/differentapp/files/ will be created as: http://mysrvr:777/home/../../../../differentapp/files/, etc...

After that, the Path Traverser will start sending these requests one by one and log the results by the HTTP Response code selected.

A configuration for excluding/including specific file types is available.
17AOWASP JSP Testing Tool ProjectToolBSD Licenseowasp-jsp-testing-tool-projecthttps://www.owasp.org/index.php/Category:OWASP_JSP_Testing_Tool_ProjectJason Lijason.li@owasp.orgThe goal of this project is to create an easy to use, freely available tool that can be used to quickly ascertain the level of protection that each component of a JSP tag library offersjsp-test-tool13A tool to determine injection vulnerabilities in a JSP tag library
45FOWASP AntiSamy ProjectCodeBSD Licenseowasp-antisamyhttps://www.owasp.org/index.php/Category:OWASP_AntiSamy_ProjectArshan Dabirsiaghiarshan.dabirsiaghi@aspectsecurity.comThis is an API for validating rich HTML/CSS input from users without exposure to cross-site scripting and phishing attacksantisamy8An API for validating rich HTML/CSS to prevent XSS/phishing attacks
51FOWASP CSRFGuard ProjectToolBSD Licenseowasp-csrfguardhttps://www.owasp.org/index.php/Category:OWASP_CSRFGuard_ProjectEric Sheridaneric.sheridan@owasp.orgCross-Site Request Forgery (CSRF) is an attack whereby the victim is tricked into loading information from or submitting information to a web application for which they are currently authenticated. The problem is that the web application has no means of verifying the integrity of the request. The OWASP CSRFGuard Project attempts to address this issue through the use of unique request tokens.csrfguard9A Java filter to add unique request tokens to mitigate CSRF attacks
53FOWASP Enterprise Security APICodeBSD Licenseesapi-usershttps://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_APIJeff Williamsjeff.williams@owasp.orgESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI libraries also serve as a solid foundation for new development.esapi5A collection of security methods needed to build secure applications.
103IOWASP Java Encoder ProjectCodeBSD Licenseowasp-java-encoder-projecthttps://www.owasp.org/index.php/OWASP_Java_Encoder_ProjectJeff Ichnowskijeff.ichnowski@gmail.comThis project is a simple-to-use drop-in encoder class with little baggage. java-encoder12A drop-in high performance encoding library for Java
104IOWASP Java HTML Sanitizer ProjectToolBSD Licenseowasp-java-html-sanitizerhttps://www.owasp.org/index.php/OWASP_Java_HTML_SanitizerMike Samuel, Jim Manicomsamuel@google.com, jim@owasp.orgThis is a fast Java-based HTML Sanitizer which provides XSS protection.java-html-sanit15A fast Java-based HTML Sanitizer which provides XSS protection
116IOWASP WhatTheFuzz ProjectToolBSD License/owasp-whatthefuzz-projecthttps://www.owasp.org/index.php/OWASP_WhatTheFuzz_Project#tab=Project_AboutJoe Basiricojbasirico@securityinnovation.comAn easy to use, easy to get started fuzzer for websites.whatthefuzz11A fuzzer for websites
127LOWASP Fiddler Addons for Security Testing ProjectToolBSD Licenseowasp-fast-projecthttps://www.owasp.org/index.php/OWASP_Fiddler_Addons_for_Security_Testing_ProjectChris Weberchris.weber@owasp.orgThe OWASP Fiddler Addons for Security Testing Project (aka OWASP FAST) is the umbrella for two complementary projects:
Watcher Project - a passive vulnerability scanner,
X5s Project - an active XSS testing and input/output encoding detection.
fast-project12A collection of security testing addons for the Fiddler HTTP Proxy
134LOWASP Java XML Templates ProjectToolBSD Licenseowasp-java-xml-templateshttps://www.owasp.org/index.php/OWASP_Java_XML_Templates_ProjectJeff Ichnowskijeff.ichnowski@gmail.comA fast and secure XHTML-compliant template language that runs on a model similar to JSP.java-xml-tmpl13A fast and secure XHTML-compliant template language similar to JSP
135LOWASP JavaScript Sandboxes ProjectToolBSD Licenseowasp-jsreg-projecthttps://www.owasp.org/index.php/OWASP_JavaScript_SandboxesGareth Heyesgazheyes@gmail.comTo produce a simplified version of Javascript by using regular expressions to remove dangerous functionality and then use Javascript itself to evaluate the results.There are three 'sub'-projects: OWASP JSReg + OWASP HTMLReg + OWASP CSSReg.jsreg-project13JavaScript version that uses regexes to remove dangerous functionality
162MOWASP Classic ASP Security ProjectBSD Licenseowasp-classic-asp-security-projecthttps://www.owasp.org/index.php/Classic_ASP_Security_ProjectJuan Carlos Calderonjohnccr@yahoo.comThis project aims to create a secure framework for Classic ASP application by complementing existing OWASP projects with documentation for this particular technology and the creation of security libraries.Should be merged into ESAPI.NET0
222IOWASP WAF ProjectToolBSD Licenseowasp-wafhttps://www.owasp.org/index.php/OWASP_WAF_ProjectJuan Carlos Calderonjuan.calderon@owasp.orgthis is a ModSecurity endorsed Port of their Language Specification (Level 1) for Java and .NET based on the contribution to ESAPI-Java by Arshan Dabirsiaghi.waf3An ESAPI-based web application firewall that uses ModSecurity rules
232IOWASP OWTFTool ProjectBSD Licenseowasp_owtfhttps://www.owasp.org/index.php/OWASP_OWTFAbraham ArangurenAbraham.Aranguren@owasp.orgThe Offensive (Web) Testing Framework is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient.
Please see:
154LOWASP Yasca ProjectToolBSD/GPLowasp-yasca-projecthttps://www.owasp.org/index.php/Project_Information:template_Yasca_ProjectMichael Scovettamichael.scovetta@gmail.comYasca is an open source program which looks for security vulnerabilities, code-quality, performance, and conformance to best practices in program source codeyasca-project13A code scanning tool combines tools such as FindBugs, PMD, Lint, etc.
120LOWASP AppSec Tutorial SeriesDocumentationCreative Commons Attribution NonCommercial License V2.0NONEhttps://www.owasp.org/index.php/OWASP_Appsec_Tutorial_SeriesJerry Hoffjerry@owasp.orgThe OWASP Appsec Tutorial Series breaks down security concepts in a easily accessible, friendly way. Each video is 5-10 minutes long and highlights a different security concept, tool or methodology.Mediaappsec-tutorial15A series to break down security concepts in easy to understand videos
229IOWASP Proactive ControlsDocumentCreative Commons Attribution ShareAlike 3.0 Licenseowasp_proactive_controls@lists.owasp.orghttps://www.owasp.org/index.php/OWASP_Proactive_ControlsAndrew van der Stockvanderaj@owasp.orgA Top 10 like document, phrased in a positive, testable manner that describes the Top 10 controls architects and developers should absolutely, 100% include in every project. Formerly known as OWASP Top 10 Defenses
231IOWASP OctoMSCode ProjectCreative Commons Attribution ShareAlike 3.0 Licenseowasp_octomshttps://www.owasp.org/index.php/OWASP_OctoMSValentino Radosavlevicivalentino.radosavlevici@owasp.orgOctoMS is a free open-source PHP Framework designed on the MVC pattern that focuses on delivering useful debugging information and both offline & online documentation inside the application that is being developed through an intuitive AJAX interface.
240IOWASP Mantra OSTool ProjectCreative Commons Attribution ShareAlike 3.0 LicenseOWASP_Mantra_OShttps://www.owasp.org/index.php/OWASP_Mantra_OSGregory DisneyGregory.Disney@owasp.orgChromium OS is a safe, fast and secure sand-boxed OS. This makes it ideal to continue on the OWASP Mantra security toolkit project by completing it as an operating system.
244IOWASP Crossword of the MonthDocument ProjectCreative Commons Attribution ShareAlike 3.0 License OWASP_Crossword_of_the_Monthhttps://www.owasp.org/index.php/OWASP_Crossword_of_the_MonthReef D'SouzaReef.DSouza@owasp.orgWe at MyAppSecurity plan on releasing fun application security related quizzes and crosswords which would help educate application developers and security professionals alike in a fun way.

I believe that this project will reach out to a bigger audience if it involved the OWASP community. I would like to lead an OWASP Crossword of the Month project which can be promoted via the OWASP Newsletter and other outlets.
245IOWASP University ChallengeEducationCreative Commons Attribution ShareAlike 3.0 License OWASP_University_Challengehttps://www.owasp.org/index.php/OWASP_University_ChallengeMartin Knoblochmartin.knobloch@owasp.orgAs first time organized at the OWASP AppSec-US 2011 in Minneapolis, this project is to enable "attack & defend" challenges.
First, at OWASP AppSec conferences, later also to enable this outside AppSec conferences.
246IOWASP Hacking-LabEducationCreative Commons Attribution ShareAlike 3.0 License OWASP_Hacking_Labhttps://www.owasp.org/index.php/OWASP_Hacking_LabMartin Knoblochmartin.knobloch@owasp.orgThe current OWASP Hacking-Lab challenge (https://www.hacking-lab.com/Remote_Sec_Lab/free-owasp-top10-lab.html) is a great succes!
Currently, there is one challenge, the OWASP TopTen with currently 1164 registered users and +500 solutions send in and verified by the OWASP teachers!
Goal is to provide an open and transperent process about the challenges, the teachers and continiously working on extending the available challenges.
239IOWASP Xenotix XSS Exploit FrameworkTool ProjectCreative Commons Attribution ShareAlike 3.0 License (best for documentation projects)OWASP_Xenotix_XSS_Exploit_Frameworkhttps://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_FrameworkAjin AbrahamAjin.Abraham@owasp.orgXenotix XSS Exploit Framework is a penetration testing tool to detect and exploit XSS vulnerabilities in Web Applications. This tool can inject codes into a webpage which are vulnerable to XSS. It is basically a payload list based XSS Scanner. It provides a penetration tester the ability to test all the possible XSS payloads available in the payload list against a web application with ease. The tool supports both manual mode and automated time sharing based test modes. It includes a XSS encoder, a victim side keystroke logger, and an Executable Drive-by downloader.
7AOWASP Best Practices: Use of Web Application FirewallsDocumentationCreative Commons Attribution ShareAlike License V2.0owasp-firewalls-projecthttps://www.owasp.org/index.php/Category:OWASP_Best_Practices:_Use_of_Web_Application_FirewallsOWASP German Chapter, Achim HoffmannGeorg.Hess@artofdefence.com, achim@owasp.orgThe document is aimed primarily at technical decision-makers, especially those responsible for operations and security as well as application owners (specialist department, technical application managers) evaluating the use of a WAF. Special attention has been paid - wherever possible - to the display of work estimates - including in comparison to possible alternatives such as modifications to the source code.Need to follow up regarding leaderfirewalls9Information about using and evaluating web application firewalls
3IOWASP Application Security Requirements ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-appsec-requirementshttps://www.owasp.org/index.php/Category:OWASP_Application_Security_Requirements_ProjectLuis Martinez Bachaluismartinezbacha@owasp.orgThe intent of this project is to assemble a useful base of generic/common web application security requirements that could be used in most projects.appsec-reqs11A set of generic web application security requirements
5AOWASP ASDR ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-asdr-projecthttps://www.owasp.org/index.php/AsdrLeonardo Cavallari Militellileonardocavallari@gmail.comThis project is helpful as basic reference material when performing such activities as threat modeling, security architecture review, security testing, code review, and metrics. We intend to encourage understanding and consistency when discussing these basic foundational elements of application security. Security only works if people can make informed decisions about risk. The ASDR provides that basic information to help ensure all stakeholders are involved.We really need to preserve this project -- it is what the Wiki *should* beasdr-project12A reference for common application security terms and concepts
6AOWASP Backend Security ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-backend-securityhttps://www.owasp.org/index.php/Category:OWASP_Backend_Security_ProjectCarlo Pelliccionicarlo.pelliccioni@gmail.comThis project aims to improve and to collect the existent information about the backend security. The project is composed by three sections (security development, security hardening and security testing). The aim is to define the guidelines for the companies and IT professionals working in the security field into processes development and back-end components management/testing in the enterprise architecture.backend-sec11A collection of information about backend security
18AOWASP LiveCD Education ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-live-cd-educationhttps://www.owasp.org/index.php/Category:OWASP_LiveCD_Education_ProjectJosh Sweeneyspyroinc@gmail.comThe objective is to produce multiple quality instructor led video tutorials and text tutorials that educate users on using the LiveCD 2007 and tools within. This will also include in assisting to make sure that the LiveCD 2007 is not only an array of tools but a powerful medium for education.livecd-edu10Collection of the best open source security projects in a single disk
19AOWASP Logging GuideDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-logginghttps://www.owasp.org/index.php/Category:OWASP_Logging_ProjectMarc Chisinevskimarc.chisinevski@gmail.comProvide tools for software developers in order to help them define and provide meaningful logs
Provide code audit tools to ensure that log messages are consistent and complete (content, format, timestamps)
Facilitate the integration of logs from different sources
Facilitate attack reconstruction
Facilitate information sharing around security events
logging7Guidance about application logging principles
22AOWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp ProjectToolCreative Commons Attribution ShareAlike License V3.0owasp-enigform-and-mod-openpgphttps://www.owasp.org/index.php/Category:OWASP_OpenPGP_Extensions_for_HTTP_-_Enigform_and_mod_openpgpArturo 'Buanzo' Busleimanbuanzo@buanzo.com.arThe goal of this project is to focus on mod_openpgp and Secure Session Management, presenting a working web-site using this new authentication methodology in such a way that it will attract security professionals and web-developers to this new mix of two good'ol protocols: HTTP and OpenPGP.enigform8An authentication extension (mod_openpgp) to blend HTTP and OpenPGP
27AOWASP Ruby on Rails Security Guide V2DocumentationCreative Commons Attribution ShareAlike License V3.0owasp-ruby-on-rails-v2https://www.owasp.org/index.php/Category:OWASP_Ruby_on_Rails_Security_Guide_V2Heiko Webers42@bauland42.deThe Ruby on Rails Security Project is the one and only source of information about Rails security topics, and I keep the community up-to-date with blog posts and conference talks in Europe. The Guide and the Project has been mentioned in several Rails books and web-sitesNo activity since 2009ruby-guide10A guide to Ruby on Rails security topics
33AOWASP Source Code Flaws Top 10 ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-source-code-flaws-top-10https://www.owasp.org/index.php/Category:OWASP_Source_Code_Flaws_Top_10_ProjectPaolo Peregothesp0nge@gmail.comThis project is about giving a taxonomy to describe the categories of the most dangerous security flaws you can find during a code review. For dynamic code review (web based application ethical hacking) the original Owasp Top 10 is the must have over each desk, in order to manage all the findings during the reporting phase. With the Source code flaws Top 10, you will have the same document but focused to source code. No apparent activity since 2008.top10-srccode13A listing of common security code flaws found in applicaitons
34NOWASP Source Code Review for OWASP-Projects ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-scode-review-owasp-projectshttps://www.owasp.org/index.php/Category:OWASP_Source_Code_Review_OWASP_Projects_ProjectDan Cornelldan.cornell@owasp.orgThe objectives of this project are: 1. Develop and document a workflow for FLOSS projects to incorporate static analysis into the Software Development Life Cycle (SDLC); 2. Apply the above workflow as a required step for OWASP projects; 3. Aid in auditing select FLOSS projects to create a baseline for comparing security amongst FLOSS projects. No apparent activity since Jan. 2009.0
41AOWASP Tools ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-tools-projecthttps://www.owasp.org/index.php/Category:OWASP_Tools_ProjectVishal Gargvishalgrg@gmail.comThe OWASP Tools Project has been created to provide unbiased, practical information and guidance about application security tools that are used to detect vulnerabilities or to protect against vulnerabilities. The goal of this project is to identify any available tools, categorise them and rate them according to a predefind criteria to assess their effectiveness.sec-tools9A listing of common security tools
42AOWASP Uniform Reporting GuidelinesDocumentationCreative Commons Attribution ShareAlike License V3.0NONEhttps://www.owasp.org/index.php/Projects/OWASP_Uniform_Reporting_GuidelinesVlad Gostomelskyvlad@owasp.orgThis project will complement the OWASP Testing Guide as well as the OWASP RFP Template. This is going to be a reporting template for vulnerability findings which will be free, base on industry best practices and hopefully will become the defacto standard. reporting-guide15A template for reporting for security assessments
43NOWASP Validation ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-validationhttps://www.owasp.org/index.php/OWASP_Validation_ProjectORPHANThe three major goals of the OWASP Validation Project are the following:

build an input validation guide
provide and implement input validation mechanisms for various platforms
rewrite Stinger to incorporate the design principles in the guide

46FOWASP Application Security Verification Standard ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-application-security-verification-standardhttps://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_ProjectSahba Kazerooni, Daniel Cuthbertsahba@securitycompass.com, daniel.cuthbert@owasp.orgThe primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigour available in the market when it comes to performing Web application security verification using a commercially-workable open standard.asvs4A standard for conducting application security assessments
48FOWASP Code Review Guide ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-codereviewhttps://www.owasp.org/index.php/Category:OWASP_Code_Review_ProjectEoin Kearyeoin.keary@owasp.orgThe code review guide is currently at release version 1.1 and the second best selling OWASP book in 2008. Many positive comments have been feedback regarding this initial version and believe it’s a key enabler for the OWASP fight against software insecurity.codereview10A project to capture best practices for reviewing code
49FOWASP Codes of ConductDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-codes-of-conducthttps://www.owasp.org/index.php/OWASP_Codes_of_ConductColin Watsoncolin.watson@owasp.orgThis project envisages to create and maintain OWASP Codes of Conduct. In order to achieve our mission, OWASP needs to take advantage of every opportunity to affect software development everywhere. At the OWASP Summit 2011 in Portugal, the idea was created to try to influence educational institutions, government bodies, standards groups, and trade organizations. We set out to define a set of minimal requirements for these organizations specifying what we believe to be the most effective ways to support our mission. We call these requirements a "code of conduct" to imply that these are normative standards, they represent a minimum baseline, and that they are not difficult to achievecodesofconduct14A set of guidelines for organizations to support the OWASP mission.
50IOWASP Common Numbering ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-common-numberinghttps://www.owasp.org/index.php/OWASP_Common_Numbering_ProjectDave Wichersdave.wichers@owasp.orgAn exciting development, a new numbering scheme that will be common across OWASP Guides and References is being developed. The numbering is loosely based on the OWASP ASVS section and detailed requirement numbering. OWASP ASVS, Guide, and Reference project leads and contributors as well as the OWASP leadership plan to work together to develop numbering that would allow for easy mapping between OWASP Guides and References, and that would allow for a period of transition as Guides and References are updated to reflect the new numbering. This project will provide a centralized clearinghouse for mapping information.commonnumbering15A common number scheme to refer to application security topics
52FOWASP Development Guide ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-guidehttps://www.owasp.org/index.php/Category:OWASP_Guide_ProjectVishal Gargvishalgrg@gmail.comThe Development Guide provides practical guidance and includes J2EE, ASP.NET, and PHP code samples. The Development Guide covers an extensive array of application-level security issues, from SQL injection through modern concerns such as phishing, credit card handling, session fixation, cross-site request forgeries, compliance, and privacy issues.dev-guide9A developer's guide covering web application and web service security
55FOWASP Secure Coding Practices - Quick Reference GuideDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-secure-coding-practiceshttps://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_GuideKeith Turpinkeith.turpin@owasp.orgThe Secure Coding Practices Quick Reference Guide is a technology agnostic set of general software security coding practices, in a comprehensive checklist format, that can be integrated into the development lifecycle. At only 17 pages long, it is easy to read and digest. secure-coding13High level, technology agnostic reference for secure coding practices
56FOWASP Software Assurance Maturity Model (SAMM)DocumentationCreative Commons Attribution ShareAlike License V3.0sammhttps://www.owasp.org/index.php/Category:Software_Assurance_Maturity_ModelPravir Chandrachandra@owasp.orgThis project is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization.opensamm8An open framework to help create a strategy for software security
57FOWASP Testing Guide ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-testinghttps://www.owasp.org/index.php/OWASP_Testing_ProjectMatteo Meuccimatteo.meucci@owasp.orgThe OWASP Testing Guide includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues.testing-guide13A collection of application security testing procedures and checklists
58FOWASP Top Ten ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-toptenhttps://www.owasp.org/index.php/Category:OWASP_Top_Ten_ProjectDave Wichersdave.wichers@owasp.orgThe OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are.top105Explanation of the top ten web application security vulnerabilities
63GOWASP Anti-Malware ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-anti-malwarehttps://www.owasp.org/index.php/Category:OWASP_Anti-Malware_ProjectGiorgio Fedongiorgio.fedon@mindedsecurity.comThis project is about describing common flaws in security designs that have been adopted for protecting banking websites against malware, as well as a series of best practices that should be considered for evaluating and building better anti-malware solutions. The project will be constantly updated with information taken from Owasp Community, Malware Analysis, Forensic Activities, as well as from any other validated source.No apparent activity since Jan 20090
65GOWASP Career Development ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0NONEhttps://www.owasp.org/index.php/Category:OWASP_Career_Development_ProjectORPHANThe OWASP Career Development project is focused on helping application security professionals understand the job market, roles, career paths, and skills to work in the field. Appropriate topics include job descriptions, descriptions of skills, where to get experience, how to grow as an application security professional, etc...0
68GOWASP Corporate Application Security Rating GuideDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-corporate-application-security-rating-guidehttps://www.owasp.org/index.php/OWASP_Corporate_Application_Security_Rating_GuideParvathy Iyer/INACTIVEparvathy_iyerO@yahoo.comThis project will help to organize and structure publicly available data that large companies will share of the lessons learned about how to organize an application security initiative, best practices for training and testing, and more. Analysis of publicly available data such as interviews, presentations, briefings for details. The project will link to all source material used in creating the rating. The rating will involve application security and awareness training; defining security requirements and verification for each application; establishing a dedicated application team and process for responding to security issues and allocating points to each issues.0
69GOWASP Cryttr - Encrypted Twitter ProjectCodeCreative Commons Attribution ShareAlike License V3.0owasp_cryttr_encrypted_twitterhttps://www.owasp.org/index.php/Category:OWASP_Cryttr_-_Encrypted_Twitter_ProjectMark Roxberrymark.roxberry@owasp.orgCryttr is a set of client tools to enable encrypted syndication and provide a front end to protect user's content. The proof of concept uses Twitter and the Twitter API to post encrypted "tweets" and decrypt "tweets" using a shared passkey. Cryttr uses the "encrypted syndication protocol" to connect to open internet resources via published APIs to encrypt and decrypt syndicated content.0
71IOWASP Favicon Database ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-favicon-databasehttps://www.owasp.org/index.php/Category:OWASP_Favicon_Database_ProjectVlatko Kosturjakkost@linux.hrSoftware enumeration via favicon.icofavicon-db10A listing of icon hashes to identify software via favicon.ico
75GOWASP Learn About Encoding ProjectCreative Commons Attribution ShareAlike License V3.0owasp-learn-about-encodinghttps://www.owasp.org/index.php/Category:OWASP_Learn_About_Encoding_ProjectFederico Casanif.casani@owasp.orgAims to educate developers, systems analysts or anyone who writes code regarding the knowledge of proper use of Charset and Canonicalization.0
77GOWASP PCI ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-pci-projecthttps://www.owasp.org/index.php/Category:OWASP_PCI_Project'Project Leader
VACANT' - Tom Brennan's note
To build and maintain community consensus for managing regulatory risk of web applications. For those with existing website security programs, to ensure their activities uniformly meet PCI requirements, and for those getting started - to aid in building a website security strategy that also ensures sustainable PCI compliance. 0
82GOWASP Web Application Scanner Specification ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-web-app-scanner-specification-projecthttps://www.owasp.org/index.php/Category:OWASP_Web_Application_Scanner_Specification_ProjectCorey LeBleucoreylebleu@gmail.comThere will always be a "gap" between the types of attacks that can be performed and those which can be found by an automated scanner. This project will attempt to outline some of those shortcomings and offer a plan for comparing and/or building web application vulnerability scanners. The project will also include feature suggestions beneficial to advanced users. 0
91IOWASP Application Security Assessment Standards Project DocumentationCreative Commons Attribution ShareAlike License V3.0owasp-appsec-standardshttps://www.owasp.org/index.php/Category:OWASP_Application_Security_Assessment_Standards_ProjectMatteo Michelinimatteo.michelini@owasp.orgThe Project’s primary objective is to establish common, consistent methods for application security assessments standards that organizations can use as guidance on what tasks should be completed, how the tasks should be completed, who should be involved and what level of assessment is appropriate based on business requirements.appsec-stds11A process for consistent methods for application security assessments
92IOWASP Application Security Program for ManagersDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-application-security-program-for-managerhttps://www.owasp.org/index.php/OWASP_Application_Security_Program_for_ManagersMatteo Meuccimatteo.meucci@owasp.orgThis project wants to address the Security Manager point of view and tell him what he should do to implement an efficient Application Security Programapp-sec-mgr11A guideline for managers to start an application security program
93IOWASP Application Security Skills AssessmentDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-assahttps://www.owasp.org/index.php/OWASP_Application_Security_Skills_AssessmentNeil SmithlineNeil.Smithline@owasp.orgThe OWASP Application Security Skills Assessment (OWASP ASSA) is an online multiple-choice quiz built to help individuals understand their strengths and weaknesses in specific application security skills with the aim of enabling them to focus their training in the most efficient and appropriate manner.assa4A quiz to help develop application security skills
97IOWASP Computer Based Training Project (OWASP CBT Project)DocumentationCreative Commons Attribution ShareAlike License V3.0owasp-cbthttps://www.owasp.org/index.php/Category:OWASP_CBT_ProjectNishi KumarNishi.Kumar@owasp.orgThe goal of this project is to provide computer based training on OWASP security related initiatives. This project is intended to provide increased access of security training material, convenience and flexibility to learners. It will be self-paced and the learning sessions will be available 24x7. Learners will not be bound to a specific day/time to physically attend classes. They can also pause learning sessions at their convenience.cbt3Computer-based training modules about OWASP and application security
98IOWASP Enterprise Application Security ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-eashttps://www.owasp.org/index.php/OWASP_Enterprise_Application_Security_ProjectAlexander Polyakova.polyakov@dsec.ruEnterprise applications security is one of the major topics in overall security area because those applications controls money and resources and every security violation can result a significant money loss. Purpose of this project is to aware people about enterprise application security problems and create a guideline for EA security assessment.eas3Guidance about procurement and design of enterprise applications
100IOWASP Exams ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-examshttps://www.owasp.org/index.php/OWASP_Exams_ProjectJason Taylorjason.taylor@owasp.orgThe OWASP Exams project will establish the model by which the OWASP community can create and distribute CC-licensed exams for use by educators. The purpose of the exams is to improve the effectiveness of OWASP training through the use of exams as a means of measurement and student progress tracking. The project will include creation of a set of CC-licensed exams, a model for exam usage, and a roadmap for future exam creationexams5A set of exams and study aids about application security
106IOWASP Myth Breakers ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-myth-breakershttps://www.owasp.org/index.php/OWASP_Myth_Breakers_ProjectStefano Di Paola, Dinis Cruzstefano@owasp.org, dinis.cruz@owasp.orgSimilar to http://dsc.discovery.com/tv/mythbusters but for appsec, urban legends and assumptions regarding appsec will be tested and there'll be a set of examples that will prove the correctness/incorrectness of a statement related to the question. Every question will be answered in the mailing list and further, a page on the OWASP site will be created to report the results. Also anyone will be able to use the contents of the page/ml in OWASP conferences to spread the verb about what's an urban legend and what's not". myth-breakers13A series to document common myths about application security
107IOWASP Project Partnership ModelDocumentationCreative Commons Attribution ShareAlike License V3.0NONEhttp://owasp.com/index.php/OWASP_Project_Partnership_ModelJeff Williams, John Stevenjeff.williams@owasp.org, John.Steven@owasp.orgThe OWASP Project Partnership Model is a way for people to collaborate on application security related projects in a way that everyone can benefit. Essentially, someone who wants to add or improve something at OWASP can craft an RFP using this OWASP Project RFC Template. You should add the link to the RFC here, so that interested parties can find it. project-partner15A model for commercial collaboration with OWASP projects
108IOWASP Proxy ProjectToolCreative Commons Attribution ShareAlike License V3.0owasp-proxy-projecthttps://www.owasp.org/index.php/Category:OWASP_ProxyRogan Dawesrogan@dawes.za.netThe OWASP Proxy aims to provide a high quality intercepting proxy library which can be used by developers who require this functionality in their own programs, rather than having to develop it all from scratch. proxy5A library providing intercepting proxy functionality
112IOWASP Security Baseline ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-security-baseline-projecthttps://www.owasp.org/index.php/OWASP_Security_Baseline_ProjectMarian Ventuneacmarian.ventuneac@owasp.orgThis projects aims to benchmark the security of various enterprise security products/services against OWASP Top 10 risks. Comprehensive assessing security of enterprise products/services, the OWASP Security Baseline initiative will (eventually) lead to vendor-independent security certified solutions. sec-baseline12A benchmark security analysis of enterprise products and services
113NOWASP Security Ecosystems ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0NONEhttps://www.owasp.org/index.php/Security_Ecosystem_ProjectJeff Williamsjeff.williams@owasp.orgNobody (and no company) can build secure software by themselves. We have seen that vulnerability research can help to drive security forward in companies, but it’s a painful process. We envision a partnership between technology platform vendors and a thriving ecosystem focused on the security of their technology. The ecosystem will include researchers (both builders and breakers), tools, libraries, guidelines, awareness materials, standards, education, conferences, forums, feeds, announcements, and probably more. sec-eco7
114IOWASP Software Security Assurance ProcessDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-software-security-assurance-processhttps://www.owasp.org/index.php/OWASP_Software_Security_Assurance_ProcessMateo Martinezmateo.martinez@owasp.orgTo outlines mandatory and recommended processes and practices to manage risks associated with applications. Software Security is equally dependent on people, processes and technology. The effectiveness of the OWASP Software Security Process is continuously measured and is improved through feedback, threat landscape changes, availability of new concepts and tools. Should be the framework to map Requirements, Dev and Testing guidelines for example. soft-sec8A set of recommended process and practices for software security
115IOWASP Threat Modeling ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-threat-modelling-projecthttps://www.owasp.org/index.php/OWASP_Threat_Modelling_ProjectAnurag Agarwalanurag.agarwal@owasp.orgEstablish a single and inclusive software-centric OWASP Threat modeling Methodology, addressing vulnerability in client and web application-level services over the Internet.threat-model12A methodology for software-centric threat modeling
117IOWASP Web Application Security Accessibility Project DocumentationCreative Commons Attribution ShareAlike License V3.0owasp-accessibility-projecthttps://www.owasp.org/index.php/OWASP_Web_Application_Security_Accessibility_Project#tab=Project_AboutPetr Závodský petr.zavodsky@owasp.orgThe practice points out to the fact that a seemingly secure web application does, in reality, protect interests of only a specific group of users. Interests of a great number of users are protected only partially or by no means. This project will focus extensively on the issue of web application security accessibility. accessiblity12Guidelines to increase the accessibility of web application security
121LOWASP AppSensor ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-appsensor-projecthttps://www.owasp.org/index.php/OWASP_AppSensor_ProjectMichael CoatesMichael.Coates@owasp.org, jtmelton@gmail.com, colin.watson@owasp.orgThe AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into an existing application. Current efforts are underway to create the AppSensor tool which can be utilized by any existing application interested in adding detection and response capabilities. Need to push to mainstreamappsensor9A framework to detect and respond to attacks from within applications
123LOWASP Cloud ‐ 10 ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-cloud-10https://www.owasp.org/index.php/Category:OWASP_Cloud_‐_10_ProjectVinay Bansalvibansal@cisco.com, shbabu@cisco.com, Goal of the project is to maintain a list of top 10 security risks faced with the Cloud Computing and SaaS Models. List will be maintained by input from community, security experts and security incidences at cloud/SaaS providers.Rename to Cloud Top 10?cloud-108A list of top security risks face in cloud computing and SaaS models
129LOWASP Fuzzing Code DatabaseDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-fuzzing-code-databasehttps://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_DatabaseWagner Eliaswagner.elias@owasp.orgThis database is a collection of several statements used in code injection software.fuzzing-db10A collection of statements for code injection and fuzzing
140LOWASP Mutillidae ProjectToolCreative Commons Attribution ShareAlike License V3.0owasp-mutillidaehttps://www.owasp.org/index.php/Category:OWASP_MutillidaeAdrian Crenshawirongeek@irongeek.com

A deliberately vulnerable set of PHP scripts that implement the OWASP Top 10.
mutillidae10A deliberately vulnerable set of PHP scripts
143LOWASP Podcast ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-podcasthttps://www.owasp.org/index.php/OWASP_PodcastJim Manicojim@owasp.orgListen as Jim interviews OWASP volunteers, industry experts and leaders within the field of web application security.Mediapodcast7A podcast interview series about OWASP and application security
145LOWASP Secure Web Application Framework Manifesto DocumentationCreative Commons Attribution ShareAlike License V3.0owasp-swaf-manifestohttps://www.owasp.org/index.php/OWASP_Secure_Web_Application_Framework_ManifestoRohit Sethi, Yuk Fai Chanrohit.sethi@owasp.org, yuk.fai.chan@owasp.orgThe Secure Web Application Framework Manifesto is a document detailing a specific set of security requirements for developers of web application frameworks to adhere to. The goal is to help develop more secure applications from the start. swaf-manifesto14Set of security requirements for web application framework developers
146LOWASP Security Assurance Testing of Virtual Worlds ProjectToolCreative Commons Attribution ShareAlike License V3.0owasp-satvirtualworldshttp://owasp.com/index.php/Category:OWASP_Security_Assurance_Testing_of_Virtual_Worlds_ProjectRick Zhongrick.zhong@owasp.orgCreate a security testing framework specific to Virtual World related applications (MMORGs) and environments. The targeted audiences of this testing framework are the developers, end-users (individual players or companies) and third-party assessors.virtualworlds13A security testing framework for virtual world environments (MMORGs)
148LOWASP Vicnum ProjectToolCreative Commons Attribution ShareAlike License V3.0owasp-vicnum-projecthttps://www.owasp.org/index.php/Project_Information:template_Vicnum_ProjectMordecai KrausharMordecai.Kraushar@owasp.orgA lightweight vulnerable web application based on a game played to kill time. It demonstrates common web application vulnerabilities such as cross site scripting . Vicnum is especially helpful to IT auditors who need to hone web security skills. vicnum6A vulnerable web application created as a capture-the-flag style game
155LVirtual Patching Best PracticesDocumentationCreative Commons Attribution ShareAlike License V3.0NONEhttps://www.owasp.org/index.php/Virtual_Patching_Best_PracticesDan Cornell, Achim Hoffmann, Martin Knoblochdan.cornell@owasp.org, ah@securenet.de, martin.knobloch@owasp.orgThe goal with this paper is to present a virtual patching framework that organizations can follow to maximize the timely implementation of virtual patches, as well as, to demonstrate how the ModSecurity web application firewall can be used to remediate a sampling of vulnerabilities in the OWASP WebGoat application.virt-patch10A process to implement timely virtual patches for applications
157MOWASP .NET ProjectCreative Commons Attribution ShareAlike License V3.0owasp-dotnethttps://www.owasp.org/index.php/Category:OWASP_.NET_ProjectDaniel Brzozowskidaniel@brzozowski.bizThe project will contain information, materials and software that are relevant to building secure .NET web applications and services. The goal of the project is to provide deep content for all roles related to .NET web applications and services including:

Architectural guidance,
Developer tools, information and checklists,
IT professional content (for those that deploy and maintain .NET websites),
Penetration testing resources,
Incident response resources.

The OWASP .NET Project Leader will actively recruit .NET contributors, including personnel from Microsoft, but others throughout the .NET ecosystem. Including experts from communities from large companies to ISVs, from enterprise architects to ALT.NET developers will be important for the overall reach of the OWASP .NET project. Other communities to consider include developers who use Mono (.NET for Linux), including Moonlight (Silverlight for Linux). The OWASP .NET Project Leader will actively contribute to the OWASP projects that require .NET resources, by recruiting resources or contributing to the project.
Merge into ESAPI0
160MOWASP Certification Criteria ProjectCreative Commons Attribution ShareAlike License V3.0owasp-webcerthttps://www.owasp.org/index.php/Category:OWASP_Certification_Criteria_ProjectORPHANOWASP is not doing certification. Merge to Codes of Conduct for Certifying Bodies0
161MOWASP Certification ProjectCreative Commons Attribution ShareAlike License V3.0owasp-certhttps://www.owasp.org/index.php/Category:OWASP_Certification_Project DEPRECATEDThe project has six goals: allow employers to rate their developers and architects on security skills so they can be confident that every project has at least one "security master" and all of their developers and architects understand the common errors and how to avoid them; provide a means for buyers of software and systems vendors to measure the secure programming skills of the people who work for the supplier; allow developers and architects to identify their gaps in secure programming knowledge in the language they use and target education to fill those gaps; allow employers to evaluate job candidates and potential consultants on their secure design & development skills and knowledge; provide incentive for universities to include secure software design & development in required computer science, engineering, and programming courses; provide reporting to allow individuals and organizations to compare their skills against others in their industry, with similar education or experience or in similar regions around the world.OWASP is not doing certification. Merge to Codes of Conduct for Certifying Bodies0
190MThe OWASP "Green Book"DocumentationCreative Commons Attribution ShareAlike License V3.0owasp-codes-of-conducthttps://www.owasp.org/index.php/OWASP_Codes_of_ConductColin Watsoncolin.watson@owasp.orgThe OWASP Application Security Code of Conduct for Government Bodies0
191MThe OWASP "Red Book"DocumentationCreative Commons Attribution ShareAlike License V3.0owasp-codes-of-conducthttps://www.owasp.org/index.php/OWASP_Codes_of_ConductColin Watsoncolin.watson@owasp.orgThe OWASP Application Security Code of Conduct for Certifying Bodies0
192MThe OWASP "Yellow Book"DocumentationCreative Commons Attribution ShareAlike License V3.0owasp-codes-of-conducthttps://www.owasp.org/index.php/OWASP_Codes_of_ConductColin Watsoncolin.watson@owasp.orgThe OWASP Application Security Code of Conduct for Standards Groups0
193MThe OWASP "Blue Book"DocumentationCreative Commons Attribution ShareAlike License V3.0owasp-codes-of-conducthttps://www.owasp.org/index.php/OWASP_Codes_of_ConductColin Watsoncolin.watson@owasp.orgThe OWASP Application Security Code of Conduct for Educational Institutions0
194MThe OWASP "Purple Book"DocumentationCreative Commons Attribution ShareAlike License V3.0owasp-codes-of-conducthttps://www.owasp.org/index.php/OWASP_Codes_of_ConductColin Watsoncolin.watson@owasp.orgThe OWASP Application Security Code of Conduct for Trade Organizations0
203NOWASP Flash Security ProjectCreative Commons Attribution ShareAlike License V3.0owasp-flash-securityhttps://www.owasp.org/index.php/Category:OWASP_Flash_Security_ProjectPeleus Uhleypuhley@adobe.comOWASP Flash Security Project is an open project for sharing a knowledge base in order to raise awareness around the subject of Flash applications security.This is an ecosystem/community0
205NOWASP Internationalization ProjectCreative Commons Attribution ShareAlike License V3.0owasp-internationalization-guidelineshttps://www.owasp.org/index.php/OWASP_InternationalizationORPHANThis project is the pioneer of an effort to define basic guidelines for the localization of OWASP site and OWASP projects (both documentation and software).To be superseded by the "Internationalization Task Force"0
210NOWASP Portuguese Language ProjectCreative Commons Attribution ShareAlike License V3.0owasp-portuguese-projecthttps://www.owasp.org/index.php/Projects/OWASP_Portuguese_Language_Project Lucas Ferreira, Carlos Serrão lucas.ferreira@owasp.org, carlos.serrao@owasp.orgTo be superseded by the "Internationalization Task Force"0
GPCWS Jun11 Export
Projects Inventory
Dashboard Paste
SDLC Mapping
Mailing Lists