ABCDEFGHIJKLMQRSTUVWXYZAA
1
Builder, Breaker, DefenderOWASP SAMMStatusLast evaluation dateProposed Project StatusProject NameProject TypeProject LicenseOWASP Mailman Mailing ListProject Wiki PageProject Leader(s) (if exists)Project Leader Email(s) (if exists)Evaluation LinkRelease status and/or dateRelease LinkNext evaluation dateComments last reviewUpdate April 2015
2
BreakerInactiveArchived Project: https://www.openhub.net/p/owaspphpsec12/1/2015IOWASP PHP Security ProjectCodeCreative Commons Attribution ShareAlike 3.0 License (best for documentation projects)OWASP_PHP_Security_Projecthttps://www.owasp.org/index.php/OWASP_PHP_Security_ProjectAbbas NaderiAbbas.Naderi@owasp.orgEMAILS FROM Jim Manico, Johanna Curiel, Tim Goosen on threads advised their is isssue with code and unresolved issues reported by github usersJune, 2014http://github.com/OWASP/phpsec/archive/master.zipJanuary, 2015No more commits in a long period(6 months)Up Re-review
3
BreakerVerificationHigh Activity: https://www.openhub.net/p/Shepherd-Project5/1/2015IOWASP Security ShepherdToolGNU GPL v3OWASP_Security_Shepherdhttps://www.owasp.org/index.php/OWASP_Security_ShepherdMark DenihanMark.Denihan@owasp.org7/18/2014http://sourceforge.net/projects/owaspshepherd/files/October, 2015Project Leader Requested a Review on 10/30/2015
4
BuilderConstructionLow activity: https://www.openhub.net/p/owasp-esapi-java13/2/2015LOWASP Enterprise Security APICodeBSD Licenseesapi-usershttps://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_APIChris Schdmit, Kevin WallChris Schmidt, Kevin Wall9/1/2013https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=DownloadsDecember, 2015
5
BuilderConstructionLow Activity:https://www.openhub.net/p/owasp-modsecurity-crsMay, 2015FOWASP ModSecurity Core Rule Set ProjectCodeApache License V2.0owasp-modsecurity-core-rule-sethttps://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_ProjectRyan BarnettRyan.Barnett@owasp.org3/1/2014http://sourceforge.net/projects/mod-security/December, 2015Wiki
6
BuilderConstructionModerate Activity: https://www.openhub.net/p/OWASP-CSRFGuardMay, 2015FOWASP CSRFGuard ProjectCodeBSD Licenseowasp-csrfguardhttps://www.owasp.org/index.php/Category:OWASP_CSRFGuard_ProjectEric Sheridaneric.sheridan@owasp.orghttps://www.owasp.org/images/4/46/Project_Status_Report-CRSFGuard-2.pdfFebraury, 2014https://github.com/aramrami/OWASP-CSRFGuardDecember, 2015Project must update key info on wiki to become candidate flagship.
7
OtherConstructionInactive, has not produce any new videos in more than 2 yearsJanuary, 2015LOWASP AppSec Tutorial SeriesDocumentationCreative Commons Attribution NonCommercial License V2.0NONEhttps://www.owasp.org/index.php/OWASP_Appsec_Tutorial_SeriesJerry Hoffjerry@owasp.org9/1/2012https://www.youtube.com/user/AppsecTutorialSeriesDecember, 2015Project is dormant
8
DefenderConstructionModerate Activity:https://www.openhub.net/p/appsensor5/25/2015FOWASP AppSensor ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-appsensor-projecthttps://www.owasp.org/index.php/OWASP_AppSensor_ProjectMichael CoatesMichael.Coates@owasp.org, jtmelton@gmail.com, colin.watson@owasp.orgNovember, 2014https://github.com/jtmelton/appsensorDecember, 2015
9
BreakerVerificationContest active at OWASP conferences2/1/2015LOWASP CTF ProjectContestUnknownowasp-ctfhttps://www.owasp.org/index.php/Category:OWASP_CTF_ProjectSteven van der Baansteven.van.der.baan@owasp.orgJanuary, 2012https://code.google.com/p/owaspctf/downloads/listDecember, 2015Project is a set web challenges but it has not being updated since 2011
10
BuilderGovernanceInactive: no updates is more than 2 yearsFebruary,2015LOWASP Legal ProjectDocumentationUnknownowasp-legalhttps://www.owasp.org/index.php/Category:OWASP_Legal_ProjectJeff Williamsjeff.williams@owasp.orghttps://docs.google.com/a/owasp.org/spreadsheets/d/10ez1BPbQjUEC8dxbbLXWX8vQ60ooLmwsSLEE5jN8zfQ/edit#gid=2March, 2009https://www.owasp.org/index.php/Category:OWASP_Legal_Project#tab=DownloadsDecember, 2015Project has no updates since 2009
11
OtherGovernanceActiveFebruary,2015LOWASP Podcast ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-podcasthttps://www.owasp.org/index.php/OWASP_PodcastMark MillerMark.Miller@owasp.orgMarch, 2014https://soundcloud.com/owasp-podcastDecember, 2015Project is active.
12
BuilderGovernanceLow activity11/1/2014LVirtual Patching Best PracticesDocumentationCreative Commons Attribution ShareAlike License V3.0NONEhttps://www.owasp.org/index.php/Virtual_Patching_Best_PracticesRyan Barnettdan.cornell@owasp.org, achim@owasp.org, martin.knobloch@owasp.orgFebruary, 2011https://www.owasp.org/index.php/Summit_2011December, 2015Project has been quite for a while. Since is a document we do not expect continues updates
13
BreakerVerificationActive: participated in the Project Summit EU 2015 in Amsterdam1/1/2015FOWASP Application Security Verification Standard ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-application-security-verification-standardhttps://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_ProjectAndrew van der Stock, Daniel Cuthbertvanderaj@owasp.org, daniel.cuthbert@owasp.orgAugust, 2013https://www.owasp.org/images/5/58/OWASP_ASVS_Version_2.pdf
December, 2015Project was evaluated in April and reached Flasghip status due to his maturity level and great embracement of the community
14
BreakerVerificationActive: participated in the Project Summit EU 2015 in Amsterdam.Busy with alpha release4/1/2015LOWASP Code Review Guide ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-codereviewhttps://www.owasp.org/index.php/Category:OWASP_Code_Review_ProjectLarry Conklin, Gary RobinsonLarry.Conklin@owasp.org, gaz_robinson@yahoo.co.ukFebraury, 2009http://www.lulu.com/shop/owasp-foundation/owasp-code-review/paperback/product-4458615.htmlDecember, 2015V. 2 is currently undergoing reviews. The next release will be out later this year.
15
OtherGovernanceActive: participated in the Project Summit EU 2015 in Amsterdam.Busy with alpha release5/25/2015LOWASP Codes of ConductDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-codes-of-conducthttps://www.owasp.org/index.php/OWASP_Codes_of_ConductColin Watsoncolin.watson@owasp.orgOctober, 2013http://www.lulu.com/shop/owasp-foundation/owasp-codes-of-conduct/paperback/product-21247130.htmlDecember, 2015Project has no updates
16
BuilderConstructionLow activity: During the Appsec Eu 2015 summit, Andrew assigned 2 new leaders, Steven van der Baan will be leading the project5/25/2015LOWASP Development Guide ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-guidehttps://www.owasp.org/index.php/Category:OWASP_Guide_ProjectSteven van der Baansteven.van.der.baan@owasp.orgJanuary, 2014https://github.com/OWASP/DevGuide/tree/master/DevGuide2.1.1December, 2015Project is strugling witha new version. Project leader has look out for help
17
BuilderConstructionLow activity4/1/2015LOWASP Secure Coding Practices - Quick Reference GuideDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-secure-coding-practiceshttps://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_GuideKeith Turpinkeith.turpin@owasp.orgOctober, 2012http://sourceforge.net/projects/mod-security/December, 2015
18
OtherGovernanceActive: Project is busy with a more compact verison of OpenSamm5/25/2015FOWASP Software Assurance Maturity Model (SAMM)DocumentationCreative Commons Attribution ShareAlike License V3.0sammhttps://www.owasp.org/index.php/Category:Software_Assurance_Maturity_ModelSeba, Kuai HinojosaSeba@owasp.org; kuai.hinojosa@owasp.orgMarch, 2009http://www.opensamm.org/download/December, 2015Very active project with own summits & promotions
19
BreakerVerificationActive. release version 3.0 in spetember 2014February,2015FOWASP Testing Guide ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-testinghttps://www.owasp.org/index.php/OWASP_Testing_ProjectMatteo Meucci, Andrew Mullermatteo.meucci@owasp.org; Andrew MullerSeptember,2014https://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdfDecember, 2015Major release of the new guide done in September 2014
20
BreakerVerificationActiveJanuary, 2015FOWASP Top Ten ProjectDocumentationCreative Commons Attribution ShareAlike License V3.0owasp-toptenhttps://www.owasp.org/index.php/Category:OWASP_Top_Ten_ProjectDave Wichersdave.wichers@owasp.orgJune, 2013https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=OWASP_Top_10_for_2013December, 2015
21
BreakerVerificationLow activityFebruary, 2015LOWASP Broken Web Applications ProjectToolGNU General Public License version 2.0 (GPLv2)NONEhttps://www.owasp.org/index.php/OWASP_Broken_Web_Applications_ProjectChuck Willischuck@securityfoundry.comhttps://www.owasp.org/images/1/1f/Project_Status_Report_-_Broken_Web_Applications_Project.pdf9/27/2013http://sourceforge.net/projects/owaspbwa/files/December, 2015Project must update key info on wiki to become candidate flagship.No major update so far
22
OtherVerificationModerate Activity: https://www.openhub.net/p/OWASP-EnDeApril, 2015LOWASP EnDe ProjectToolGNU General Public License version 2.0 (GPLv2)owasp-ende-projecthttps://www.owasp.org/index.php/Category:OWASP_EnDeAchim Hoffmannachim@owasp.orghttps://www.owasp.org/images/7/76/Project_Status_Report-EnDe.pdfJune, 2012http://ende.my-stp.net/EnDe-1.0rc12.tgzDecember, 2015Project will keep LAB status.Project is active with commits during this yea
23
BreakerVerificationLow developement activity https://www.openhub.net/p/hackademic but busy with improvements. Was present at the Project SummitMay, 2015LOWASP Hackademic Challenges ProjectToolApache License V2.0owasp-hackademic-challengeshttps://www.owasp.org/index.php/OWASP_Hackademic_Challenges_ProjectKonstantinos Papapanagiotou
Spyros Gasteratos
Andreas Venieris		anast@owasp.gr, konstantinos@owasp.orghttps://www.owasp.org/images/8/84/Project_Status_Report-Hackademics.pdfFebruary, 2011https://code.google.com/p/owasp-hackademic-challenges/downloads/listDecember, 2015Project must update key info on wiki to become candidate flagship.
24
BreakerVerificationNo updates in more than 2 yearsJuly, 2014LOWASP Mantra Security FrameworkToolGNU General Public License version 3.0 (GPLv3)owasp-mantrahttps://www.owasp.org/index.php/OWASP_Mantra_-_Security_FrameworkAbhi M BalaKrishnanabhi@getmantra.comhttps://www.owasp.org/images/a/ab/Project_Status_Report-MantraFramework.pdfJanuary, 2013http://sourceforge.net/projects/getmantra/December, 2015This project will keep it's LAB status for now.
25
BreakerVerificationModerate activity: https://www.openhub.net/p/o2platformJuly, 2014LOWASP O2 PlatformToolApache License V2.0owasp-o2-platformhttps://www.owasp.org/index.php/OWASP_O2_PlatformDinis Cruzdinis.cruz@owasp.orghttps://www.owasp.org/images/4/4c/Project_Status_Report_-OWASP_O2.pdfApril, 2013https://o2platform.googlecode.com/files/O2%20Platform%20-%20Main%20O2%20Gui%20v5.3.exeDecember, 2015
26
BreakerVerificationinactiveJuly, 2014LOWASP Vicnum ProjectToolCreative Commons Attribution ShareAlike License V3.0owasp-vicnum-projecthttps://www.owasp.org/index.php/Project_Information:template_Vicnum_ProjectMordecai Kraushar; Nicole BecherMordecai.Kraushar@owasp.org; Nicole.Becher@owasp.org7/16/2012http://sourceforge.net/projects/vicnum/files/December, 2015Project must update key info on wiki to become candidate flagship.
27
BreakerVerificationActive: https://www.openhub.net/p/owasp-owtfFebruary, 2015FOWASP OWTFToolBSD Licenseowasp_owtfhttps://www.owasp.org/index.php/OWASP_OWTFAbraham ArangurenAbraham.Aranguren@owasp.orghttps://www.owasp.org/images/8/8e/Project_Status_Report-OWTF.pdfJanuary, 2014https://github.com/owtf/owtfDecember, 2015Most info has being update.Project ha sbeing set to Flagship status
28
BreakerVerificationActiveFebruary, 2015FOWASP Web Testing Environment ProjectToolGNU General Public License version 3.0 (GPLv3)web-testing-environmenthttps://www.owasp.org/index.php?title=OWASP_Web_Testing_Environment_ProjectMatt Tesauromatt.tesauro@owasp.orghttps://www.owasp.org/images/4/45/Project_Status_Report-WebTestingFramework.pdfOctober, 2012http://appseclive.org/downloads/December, 2015Was upgraded to flagship
29
BreakerVerificationModerate activity with new release:February, 2015LOWASP WebGoat ProjectToolGNU General Public License version 2.0 (GPLv2)owasp-webgoathttps://www.owasp.org/index.php/WebgoatBruce Mayhewwebgoat@owasp.orghttps://www.owasp.org/images/2/28/Project_Status_Report-WebGoat-2.pdf10/1/2013https://github.com/mayhew64/webgoatDecember, 2015
30
BreakerVerificationFebruary, 2015FOWASP Zed Attack ProxyToolApache License V2.0NONEhttps://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_ProjectPsiinonpsiinon@gmail.com5/21/2014https://code.google.com/p/zaproxy/wiki/Downloads?tm=2December, 2015Project to be considered a candidate flagship project.
31
OtherVerificationActive: https://www.openhub.net/p/O-Saft5/25/2015LO-SaftToolGNU GPL v2O-Safthttps://www.owasp.org/index.php/O-SaftAchim Hoffmannachim@owasp.orgJanuary, 2014https://github.com/OWASP/O-Saft/raw/master/o-saft.tgzDecember, 2015
32
Builder/DefenderVerificationVery High Activity: https://www.openhub.net/p/dependencycheck5/25/2015FOWASP Dependency CheckToolAPL 2.0OWASP_Dependency_Checkhttps://www.owasp.org/index.php/OWASP_Dependency_CheckJeremy Longjeremy.long@owasp.orgSeptember, 2014https://github.com/jeremylong/DependencyCheckDecember, 2015Graduated to LAB status September, 2014.
33
BuilderConstructionActive4/1/2015IOWASP Java Encoder ProjectCodeBSD Licenseowasp-java-encoder-projecthttps://www.owasp.org/index.php/OWASP_Java_Encoder_ProjectJeff Ichnowskijeff.ichnowski@gmail.comFebruary, 2014https://code.google.com/p/owasp-java-encoder/December, 2015
34
BuilderConstructionInactive: https://www.openhub.net/p/json-sanitizerJanuary , 2015IOWASP JSON SanitizerCodeApache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)OWASP_JSON_Sanitizerhttps://www.owasp.org/index.php/OWASP_JSON_SanitizerMike Samuelmikesamuel@gmail.com7/5/2014https://code.google.com/p/json-sanitizer/downloads/detail?name=json-sanitizer-2012-10-17.jar&can=2&q=December, 2015Project has not been updated in 9 months, no activiy.It has been set as inactive
35
BuilderConstructionActive: https://www.openhub.net/p/passfaultJanuary , 2015IOWASP PassfaultCodeGNU LGPL v3owasp_passfaulthttps://www.owasp.org/index.php/OWASP_PassfaultCam Morriscam.morris@owasp.orgMarch, 2014https://github.com/c-a-m/passfault/releasesDecember, 2015Project is uite stable an active
36
BuilderConstructionLow ActivityJanury, 2015IOWASP Java File I/O Security ProjectCodeApache 2.0 LicenseOWASP_Java_File_I_O_Security_Projecthttps://www.owasp.org/index.php/OWASP_Java_File_I_O_Security_ProjectAugust DetlefsenAugust.Detlefsen@owasp.orgDecember, 2015Project is still new, with no release yet.
37
BuilderConstructionLow ActivityJanuary , 2015IOWASP Security Research and Development FrameworkCodeGNU GPL v2OWASP_Security_Research_and_Development_Frameworkhttps://www.owasp.org/index.php/OWASP_Security_Research_and_Development_FrameworkAmr ThabetAmr.Thabet@owasp.orgNovember, 2012https://github.com/AmrThabet/winSRDFDecember, 2015Was inactivated due to lack of activity, but was reactivated at the project leaders request. Keep an eye on this project to make sure they are producing updates.
38
BuilderConstructionVery Low Activity: https://www.openhub.net/p/owasp-php-rbac4/1/2015IOWASP PHPRBAC ProjectCodeCreative Commons Attribution ShareAlike 3.0 License (best for documentation projects)OWASP_PHPRBAChttps://www.owasp.org/index.php/OWASP_PHPRBAC_ProjectAbbas Naderiabbas.naderi@owasp.orgMarch, 2014http://sourceforge.net/projects/phprbac/December, 2015Code has not been updated in almost a year.release is stable
39
BuilderConstructionInactive: https://www.openhub.net/p/EJSFNovember ,2014IOWASP EJSF ProjectCodeGNU GPL v3 License (allows commercial use, but requires that modifications to your code stay open source, thus prohibiting proprietary forks of your project)OWASP_EJSF_Projecthttps://www.owasp.org/index.php/OWASP_EJSF_ProjectProf.Dr.Benoistemmanuel.benoist@bfh.ch10/1/2013http://security4web.ch/OWASP/esapi_final.jarDecember, 2015
40
Low activity: https://www.openhub.net/p/owasp-imas5/1/2015IOWASP iMAS - iOS Mobile Application Security ProjectCodeApache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)OWASP_iMAS_iOS_Mobile_Application_Security_Projecthttps://www.owasp.org/index.php/OWASP_iMAS_iOS_Mobile_Application_Security_ProjectGregg Ganleygganley@mitre.org, Gregg.Ganley@owasp.orgDecember, 2013http://project-imas.github.ioDecember, 2015This project is active, but there have been no updates or releases on the wiki page. It looks like the project still loosely affiliates with OWASP, and the project is active at AppSec events, but I'm not sure it can really be considered an OWASP project anymore.
41
BuilderLow Activity: https://www.openhub.net/p/owasp-php-rbac5/1/2015IOWASP RBAC ProjectCodeApache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)OWASP_RBAC_Projecthttps://www.owasp.org/index.php/OWASP_RBAC_ProjectAbbas Naderiabiusx@owasp.orgDecember, 2015There have been no updates to the wiki page, though this is an active project.
42
BuilderActive: https://www.openhub.net/p/NodeGoatApril,2015IOWASP Node.js Goat ProjectCodeApache 2.0OWASP_Node_js_Goat_Projecthttps://www.owasp.org/index.php/OWASP_Node_js_Goat_ProjectChetan KarandeChetan.Karande@owasp.orgMay, 2014https://github.com/OWASP/NodeGoatDecember, 2015Very active project.Commits less than a month ago since last review date
43
?FakeApril , 2015IOWASP System Vulnerable Code ProjectCodeGNU LGPL v3 LicenseOWASP_System_Vulnerable_Code_Projecthttps://www.owasp.org/index.php/OWASP_System_Vulnerable_Code_ProjectShezan DhakaShezan@owasp.orghttp://lappyframework.blogspot.comDecember, 2015This project has been set up to create another tool entirely. There has only been one update on the project and that was in December. The update was a set up of a blogspot stating the intention of creating the tool. I don't think this project has much of a goal in being an OWASP project. I have emailed the project leader asking for clarification. Project leader has violated his rights and this is definelty a fake project. Been set as inactive
44
BuilderNo release so far in 2 years. Set as inactiveApril , 2015IOWASP ISO IEC 27034 Application Security Controls ProjectCodeGNU LGPL v3 LicenseOWASP_ISO_IEC_27034_Application_Security_Controls_Projecthttps://www.owasp.org/index.php/OWASP_ISO_IEC_27034_Application_Security_Controls_ProjectJonathan MarcilJonathan.Marcil@owasp.orgDecember, 2015No release yet.
45
No activity since project begon.Set as inactive4/1/2015IOWASP Secure Headers ProjectCodeApache 2.0 LicenseOWASP_Secure_Headers_Projecthttps://www.owasp.org/index.php/OWASP_Secure_Headers_ProjectJosh MatzJosh.Matz@owasp.orgDecember, 2015No release yet.
46
Project is quite complete but has had no releases is more than a year5/1/2015IOWASP Hardened Phalcon ProjectCodeMIT LicenseOWASP_Hardened_Phalconhttps://www.owasp.org/index.php/OWASP_Hardened_Phalcon_ProjectRhodry KorbRhodry.Korb@owasp.orgDecember, 2015No release or updates. Project leader has been contacted for updates. Will inactivate if no updates are made or if project leader doesn't respond.
47
Low but active: https://www.openhub.net/p/OWASP-Faux-Bank-ClassicASP5/1/2015IOWASP Faux Bank ProjectCodeApache 2.0 Licenseowasp_faux_bankhttps://www.owasp.org/index.php/OWASP_Faux_Bank_ProjectDavie Elliottdavie.elliott@owasp.orgJuly, 2014December, 2015
48
BreakerVerificationhttps://www.openhub.net/p/owasp-java-html-sanitizer, Moderate activity1/1/2016IOWASP Java HTML Sanitizer ProjectToolBSD Licenseowasp-java-html-sanitizerhttps://www.owasp.org/index.php/OWASP_Java_HTML_SanitizerMike Samuel, Jim Manicomikesamuel@gmail.com, jim@owasp.org7/2/2014https://code.google.com/p/owasp-java-html-sanitizer/downloads/detail?name=owasp-java-html-sanitizer-r226.zip&can=2&q=December, 2015
49
BreakerVerificationInactive: https://www.openhub.net/p/owasp-jxt5/1/2015IOWASP Java XML Templates ProjectToolBSD Licenseowasp-java-xml-templateshttps://www.owasp.org/index.php/OWASP_Java_XML_Templates_ProjectJeff Ichnowskijeff.ichnowski@gmail.com2/1/2011https://code.google.com/p/owasp-jxt/downloads/detail?name=jxt-1.0-RC1.zip&can=2&q=December, 2015Project hasn't had activity on the wiki page or in the code page, but an Openhub account has been created.
50
BreakerVerificationModerate activity: https://www.openhub.net/p/OWASP-naxsi5/1/2015IOWASP NAXSI ProjectToolGNU General Public License version 2.0 (GPLv2)owasp-naxsi-projecthttps://www.owasp.org/index.php/OWASP_NAXSI_ProjectThibault "bui" Koechlinbui@nbs-system.comJune, 2014https://github.com/nbs-system/naxsiDecember, 2015Project is putting out releases and updates regularly, but has not updated the project wiki page in some time.
51
BreakerVerificationMain branch inactive: https://www.openhub.net/p/owasp5/1/2015IOWASP WebGoat.NETToolGNU General Public License version 3.0 (GPLv3)https://www.owasp.org/index.php/Category:OWASP_WebGoat.NETJerry Hoffjerry.hoff@owasp.org5/1/2013https://github.com/OWASP/WebGoat.NET/tree/VS_2010December, 2015
52
BreakerVerificationinactive: https://www.openhub.net/p/OWASP-PathTraverser5/1/2015IOWASP Path TraverserToolAttribution-NonCommercial-NoDerivs 3.0 Unported (CC BY-NC-ND 3.0OWASP_Path_Traverserhttps://www.owasp.org/index.php/OWASP_Path_TraverserTal MelamedTal.Melamed@owasp.org4/1/2013https://github.com/nu11p0inter/PathTraverserDecember, 2015No project release for over a year, and no updates to the project wiki page. However, the project has a Openhub account.
53
BreakerVerificationModerate activity: https://www.openhub.net/p/watiqay5/1/2015IOWASP WatiqayToolGNU GPL v2OWASP_Watiqayhttps://www.owasp.org/index.php/OWASP_WatiqayCarlos Ganoza PlasenciaCarlos.Ganoza@owasp.org4/1/2014December, 2015Project was released at LATAM 2014, but there is no link on the wiki and no updates on the wiki page for over a year. The project also has an Openhub account.
54
BreakerVerificationUpgraded to LAB status: https://www.openhub.net/p/OWASP-Xenotix-XSS-Exploit-Framework4/1/2015LOWASP Xenotix XSS Exploit FrameworkToolCreative Commons Attribution ShareAlike 3.0 License (best for documentation projects)OWASP_Xenotix_XSS_Exploit_Frameworkhttps://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_FrameworkAjin AbrahamAjin.Abraham@owasp.org2/1/2014http://opensecurity.in/downloads/OWASP_Xenotix_XSS_Exploit_Framework_V5.rarDecember, 2015
55
BreakerVerificationNo activity since project begon.Set as inactiveN/AIOWASP Mantra OSToolCreative Commons Attribution ShareAlike 3.0 LicenseOWASP_Mantra_OShttps://www.owasp.org/index.php/OWASP_Mantra_OSGregory Disney-LeugersGregory.Disney@owasp.org10/1/2013http://sourceforge.net/projects/mantraos/December, 2015Project is low activity
56
BreakerVerificationLow activity: https://www.openhub.net/p/owasp-igoatN/AIOWASP iGoat ProjectToolGNU General Public License version 3.0 (GPLv3)owasp-igoat-projecthttps://www.owasp.org/index.php/OWASP_iGoat_ProjectKenneth R. van Wykken@krvw.com4/9/2014https://drive.google.com/folderview?id=0B4JD0hBwn1-uZmJXU0pfdEUtdlE&usp=sharingDecember, 2015
57
BreakerVerificationLow activity:https://www.openhub.net/p/owaspbricksN/AIOWASP BricksToolApache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)OWASP_Brickshttps://www.owasp.org/index.php/OWASP_BricksAbhi M Balakrishnanabhi.balakrishnan@owasp.orgNovember, 2013http://sechow.com/bricks/download.htmlDecember, 2015
58
BreakerVerificationInactive3/1/2015IOWASP Hive ProjectToolCreative Commons Attribution ShareAlike 3.0 License (best for documentation projects)OWASP_Hive_Projecthttps://www.owasp.org/index.php/OWASP_Hive_ProjectJason JohnsonJason.Johnson@owasp.orgDecember, 2015Reached out to project leader for project status. There is no release link or recent updates.Project has been set as inactive
59
BreakerVerificationActive: https://www.openhub.net/p/railsgoat5/1/2015IOWASP Rails Goat ProjectToolApache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)OWASP_Rails_Goathttps://www.owasp.org/index.php/OWASP_Rails_Goat_ProjectKen JohnsonKen.Johnson@owasp.org4/1/2014https://github.com/OWASP/railsgoatDecember, 2015Project has been set as inactive
60
BreakerverificationAlmost inactive: https://www.openhub.net/p/bywaf5/1/2015IOWASP Bywaf ProjectToolGNU GPL v3 License (allows commercial use, but requires that modifications to your code stay open source, thus prohibiting proprietary forks of your project)OWASP_Bywaf_Projecthttps://www.owasp.org/index.php/OWASP_Bywaf_ProjectRafael Gil Lariosrafael.gillarios@owasp.org4/29/2014https://github.com/depasonico/bywaf-owaspDecember, 2015
61
BreakerverificationVery Active: https://www.openhub.net/p/mutillidae5/1/2015IOWASP Mutillidae 2 ProjectToolGNU GPL v3 License (allows commercial use, but requires that modifications to your code stay open source, thus prohibiting proprietary forks of your project)OWASP_Mutillidae_2_Projecthttps://www.owasp.org/index.php/OWASP_Mutillidae_2_ProjectJeremy DruinJeremy.Druin@owasp.orgMarch, 2014http://sourceforge.net/projects/mutillidae/files/December, 2015
62
BreakerverificationLow activity: https://www.openhub.net/p/owasp-seraphimdroid5/1/2015IOWASP SeraphimDroid ProjectToolGNU GPL v3 License (allows commercial use, but requires that modifications to your code stay open source, thus prohibiting proprietary forks of your project)OWASP_SeraphimDroid_Projecthttps://www.owasp.org/index.php/OWASP_SeraphimDroid_ProjectNikola Miloševićnikola.milosevic@owasp.orgJuly, 2014https://github.com/nikolamilosevic86/owasp-seraphimdroidDecember, 2015
63
BreakerverificationLow activity:https://github.com/Flo354/Androick/graphs/contributors5/1/2015IOWASP Androïck ProjectToolGNU GPL v3 License (allows commercial use, but requires that modifications to your code stay open source, thus prohibiting proprietary forks of your project)OWASP_Androick_Projecthttps://www.owasp.org/index.php/OWASP_Androick_ProjectFlorian PradinesFlorian.Pradines@owasp.orgMay, 2014http://sourceforge.net/projects/androick/files/Release-2.0/December, 2015No updates to the wiki page in over a year, download link does go to the latest release.
64
defender:Active: https://www.openhub.net/p/dependency-track5/1/2015IOWASP Dependency Track ProjectToolGNU GPL v3 License (allows commercial use, but requires that modifications to your code stay open source, thus prohibiting proprietary forks of your project)OWASP_Dependency_Track_Projecthttps://www.owasp.org/index.php/OWASP_Dependency_Track_ProjectSteve SpringettSteve.Springett@owasp.orgMay, 2014https://github.com/stevespringett/dependency-trackDecember, 2015
65
low activity5/1/2015IOWASP PHP Portscanner ProjectToolGNU AGPL v3 License (similar to GPL but modified for use with web applications and web interfaces)https://lists.owasp.org/mailman/listinfo/owasp_php_portscanner_projecthttps://www.owasp.org/index.php/OWASP_PHP_Portscanner_ProjectBhavesh NaikBhavesh.Naik@owasp.org; bhavesh_shouts@yahoo.comJanuary, 2014https://www.owasp.org/images/1/11/O3P_v2.zipDecember, 2015
66
Active: https://www.openhub.net/p/owasp-pysec5/1/2015IOWASP Python Security ProjectToolApache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)OWASP_Python_Security_Projecthttps://www.owasp.org/index.php/OWASP_Python_Security_ProjectEnrico BrancaEnrico.Branca@owasp.orgJune, 2014https://github.com/ebranca/owasp-pysecDecember, 2015
67
Active: https://www.openhub.net/p/webspa5/1/2015IOWASP WebSpa ProjectToolGNU GPL_v3OWASP_WebSpa_Project
https://www.owasp.org/index.php/OWASP_WebSpa_Project
Oliver Merki
oliver.merki@ubs.com; Oliver.Merki@owasp.org
4/27/2014http://sourceforge.net/projects/webspa/December, 2015
68
Low activity:https://www.openhub.net/p/OWASPNINJA-PingU5/1/2015IOWASP NINJA PingU ProjectToolGNU LGPL v3 LicenseOWASP_NINJA_PingU_Projecthttps://www.owasp.org/index.php/OWASP_NINJA_PingU_ProjectGuifre RuizGuifre.Ruiz@owasp.orgJanuary, 2014https://github.com/OWASP/NINJA-PingU/archive/v1.0.1.tar.gzDecember, 2015
69
Dormant: No new releases 5/1/2015IOWASP Encoder Comparison Reference ProjectToolApache 2.0 LicenseOWASP_Encoder_Comparison_Reference_Projecthttps://www.owasp.org/index.php/OWASP_Encoder_Comparison_Reference_ProjectStephanie TanStephanie.Tan@owasp.org2/11/2014https://github.com/boldersecurity/encoder-comparison-referenceDecember, 2015
70
N/AIOWASP SQLIX ProjectToolCreative Commons Attribution ShareAlike 3.0 Licenseowasp-sqlixhttps://www.owasp.org/index.php/Category:OWASP_SQLiX_ProjectAdopted by Anirudh AnandAnirudh.Anand@owasp.org2008http://cedri.cc/tools/SQLiX_v1.0.tar.gzDecember, 2015Recently adopted. The last release was from 2008.
71
Project has been reactivated by Ryan and its going pretty well.has been set as Research ProjectMay,2015IOWASP WASC Distributed Web Honeypots ProjectToolApache 2.0 LicenseOWASP_WASC_Distributed_Web_Honeypots_Projecthttps://www.owasp.org/index.php/OWASP_WASC_Distributed_Web_Honeypots_ProjectRyan BarnettRyan.Barnett@owasp.orgDecember, 2015
72
Link to download project is not working.Sent email to project leaderMay,2015IOWASP Click Me ProjectToolApache 2.0 LicenseOWASP_Click_Me_Projecthttps://www.owasp.org/index.php/OWASP_Click_Me_ProjectArun KumarArun.Kumar@owasp.orgMarch, 2014https://github.com/beingArunkumar/OWASP-ClickMe/releases/download/v1.0/OWASPClickMe.zipDecember, 2015
73
Project has a release but no updates in almost a year. Has been set under low activityMay,2015IOWASP Secure TDD ProjectToolApache 2.0 LicenseOWASP_Secure_TDD_Projecthttps://www.owasp.org/index.php/OWASP_Secure_TDD_ProjectNir Valtmannir.valtman@owasp.orgJune, 2014https://github.com/SecureTDD/VisualStudioDecember, 2015
74
Very minor updates but the project seems to be becoming dormant/low activityMay,2015IOWASP XSecurity ProjectToolGNU General Public License version 3.0 (GPLv3)OWASP_XSecurity_Projecthttps://www.owasp.org/index.php/OWASP_XSecurity_ProjectTokuji AkamineTokuji.Akamine@owasp.orgApril, 2014https://github.com/XSecurityDecember, 2015
75
VerificationSmall Python project, Documentation has been upodated but no major work on the code for more than a yearMay,2015IOWASP Pyttacker ProjectToolGNU General Public License version 3.0 (GPLv3)OWASP_Pyttacker_Projecthttps://www.owasp.org/index.php/OWASP_Pyttacker_ProjectMario Roblesmario.robles@owasp.org4/26/2014https://github.com/RoblesT/pyttacker/archive/master.zipDecember, 2015
76
VerificationProject has a very track record of releases, and complete information. It has been upgraded to lab statusMay,2015IOWASP Code Pulse ProjectToolApache 2.0 LicenseOWASP_Code_Pulse_Projecthttps://www.owasp.org/index.php/OWASP_Code_Pulse_ProjectHassan RadwanHassan.Radwan@owasp.org5/28/2014https://github.com/secdec/codepulse/releasesDecember, 2015
77
BreakerVerificationProject has not had an update in more than 6 months, but it contains at least a release. It has been set in low activityMay,2015IOWASP HTTP POST ToolToolGNU General Public License version 3.0 (GPLv3)owasp-http-post-toolhttps://www.owasp.org/index.php/OWASP_HTTP_Post_ToolTom Brenanntomb@owasp.org12/1/2010https://github.com/proactiveRISK/ddos-toolboxDecember, 2015Version 4.0 currently in the works.
78
Project page external download page and instructions are in german!May , 2015IOWASP PHP Security Training ProjectToolGNU GPL v3 Licenseowasp_php_security_training_project@lists.owasp.orghttps://www.owasp.org/index.php/OWASP_PHP_Security_Training_ProjectTimo Pageltimo.pagel@owasp.orgMay, 2014https://bitbucket.org/tpagel/php-security-training-systemDecember, 2015
79
BreakerVerificationProject is quite updated on info, but at code level in the repositories there has been very low activity, none in more than 6 months. release of pluginsMay , 2015IOWASP ASIDE ProjectToolCreative Commons ShareAlike v.3owasp-aside-projecthttps://www.owasp.org/index.php/OWASP_ASIDE_ProjectJing Xie, Bill Chu, John Meltonjxie2@uncc.edu, billchu@uncc.edu, john.melton@owasp.orgApril, 2014http://webpages.uncc.edu/~jzhu16/edu.uncc.sis.aside_1.0.0.201302251700.jarDecember, 2015
80
OtherNo updates in almost a year. Project has been ste as low activityMay,2015IOWASP Data Exchange Format ProjectDocumentApache License V2.0owasp-data-exchange-formathttps://www.owasp.org/index.php/OWASP_Data_Exchange_Format_ProjectTom stagepsiinon@gmail.com, dinis.cruz@owasp.org
Project has been taken by Tom Stage
July, 2011https://code.google.com/p/owasp-def/December, 2015Updated work was posted in June.
81
BuilderConstructionProject is been costantly updated. Has been set as LABFebruary,2015IOWASP Cheat Sheets ProjectDocumentCreative Commons Attribution ShareAlike License V3.0owasp-cheat-sheetshttps://www.owasp.org/index.php/Cheat_SheetsSherif Koussa, Jim Manicosherif.koussa@owasp.org, jim.manico@owasp.orgConstant updateshttps://www.owasp.org/index.php/Cheat_Sheets#tab=MainDecember, 2015This project is constantly revising and adding new cheet sheets. Currently working on a print edition.
82
BuilderConstructionQuite active. Last translation done in May 2015May,2015IOWASP Proactive ControlsDocumentCreative Commons Attribution ShareAlike 3.0 Licenseowasp_proactive_controls@lists.owasp.orghttps://www.owasp.org/index.php/OWASP_Proactive_ControlsJim Manicojim.manico@owasp.org
March, 2014https://www.owasp.org/index.php/OWASP_Proactive_Controls#tab=OWASP_Top_Ten_Proactive_ControlsDecember, 2015
83
BuilderConstructionMay,2015IOWASP Enterprise Application Security ProjectDocumentCreative Commons Attribution ShareAlike License V3.0owasp-eashttps://www.owasp.org/index.php/OWASP_Enterprise_Application_Security_ProjectAlexander Polyakova.polyakov@dsec.ruJuly, 2014http://erpscan.com/wp-content/uploads/2014/05/EASSEC-PVAG-ABAP.pdfDecember, 2015The most latest release was part of another project. The 55 page document that's part of the Enterprise Application Security Project can be found through the release link.
84
BreakerVerificationLacks a lot of contents and no activity in a more than a year/Has been set as inactiveMay,2015IOWASP GoatDroid ProjectDocumentGNL GPU v3 licenseowasp-mobile-security-projecthttps://www.owasp.org/index.php/Projects/OWASP_GoatDroid_ProjectJack ManninoJack@nvisiumsecurity.comFall, 2013https://github.com/jackMannino/OWASP-GoatDroid-Project/commits/masterDecember, 2015Reverted back to a clean project in April, 2014.
85
OtherMay,2015IOWASP Request For ProposalDocumentUnknownowasp-rfp-criteriahttps://www.owasp.org/index.php/OWASP_RFP-CriteriaTom Brennantomb@owasp.orgDecember, 2015
86
BreakerVerificationThis is not a project but an educational inititiveMay,2015IOWASP University ChallengeDocumentCreative Commons Attribution ShareAlike 3.0 LicenseOWASP_University_Challengehttps://www.owasp.org/index.php/OWASP_University_ChallengeIvan Buetler, Mateo Martinez- Ivan (ivan.buetler@owasp.org)
- Mateo (Mateo.Martinez@owasp.org)		AppSec EU 2014December, 2015Event held at most of the main AppSec events, last event held at AppSec EU 2014.
87
BreakerVerificationThis is not a project but an educational inititiveMay,2015IOWASP Hacking-LabDocumentCreative Commons Attribution ShareAlike 3.0 LicenseOWASP_Hacking_Labhttps://www.owasp.org/index.php/OWASP_Hacking_LabIvan Buetler, Mateo Martinez- Ivan (ivan.buetler@owasp.org)
- Mateo (Mateo.Martinez@owasp.org)		https://www.hacking-lab.com/index.htmlDecember, 2015
88
DefenderVerificationProject has been reactivated.New Roadmap , challenging projectJuly,2015IWASC/OWASP Web Application Firewall Evaluation Criteria (WAFEC)DocumentCreative Commons Attribution License 2.5https://www.owasp.org/index.php/WASC_OWASP_Web_Application_Firewall_Evaluation_Criteria_ProjectOfer Shezafofers@owasp.org1/1/2006http://projects.webappsec.org/f/wasc-wafec-v1.0.pdfDecember, 2015Last update was from January, 2013 and no release since 2006. The project leader doesn't respond to emails, but the project mailing list is active with reviewers.
89
OtherGovernanceProject has been upgraded to LABS. Great progress so farMay,2015IOWASP CISO SurveyDocumentCreative Commons Attribution ShareAlike 3.0 License (best for documentation projects)OWASP_CISO_Surveyhttps://www.owasp.org/index.php/OWASP_CISO_SurveyTobias Gondromtobias.gondrom@owasp.orgJanuary, 2014https://www.owasp.org/index.php/OWASP_CISO_SurveyDecember, 2015
90
DefenderGovernanceProject has been upgraded to LABS. Great progress so farMay,2015IOWASP Application Security Guide For CISOsDocumentCreative Commons Attribution ShareAlike 3.0 License (best for documentation projects)OWASP_Application_Security_Guide_For_CISOshttps://www.owasp.org/index.php/OWASP_Application_Security_Guide_For_CISOs_ProjectMarco MoranaMarco.m.morana@gmail.comNovember, 2013https://www.owasp.org/images/d/d6/Owasp-ciso-guide.pdfDecember, 2015
91
BuilderConstructionProject has been upgraded to LABS. Great progress so farMay,2015IOWASP CornucopiaDocumentCreative Commons Attribution ShareAlike 3.0 License (best for documentation projects)OWASP_Cornucopiahttps://www.owasp.org/index.php/OWASP_CornucopiaColin WatsonColin.Watson@owasp.orgMarch, 2014https://www.owasp.org/images/7/71/Owasp-cornucopia-ecommerce_website.pdfDecember, 2015
92
There is a relase, but it has a year without any updates in wiki page or proof of activity.Wiki page is quite incomplete on certain sectionsMay2015IOWASP Secure Application Design ProjectDocumentApache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)OWASP_Secure_Application_Designhttps://www.owasp.org/index.php/OWASP_Secure_Application_Design_ProjectAshish RaoAshish.Rao@owasp.orghttps://www.owasp.org/images/f/f7/Checklist_For_Design.pdfDecember, 2015There has been two releases since the project inception, but due to errors, the release has been rolled back to the original. A new release is in the works.
93
BuilderUpdated.This is a traslation of teh OWASP top ten with a twits info for devsMay,2015IOWASP Top 10 Fuer EntwicklerDocumentCreative Commons Attribution ShareAlike 3.0 License (best for documentation projects)OWASP_Top_10_Fuer_Entwicklerhttps://www.owasp.org/index.php/OWASP_Top_10_Fuer_Entwickler_ProjectTorsten Giglertorsten.gigler@owasp.orgJuly, 2013https://www.owasp.org/index.php/Germany/Projekte/Top_10_fuer_Entwickler-2013/InhaltsverzeichnisDecember, 2015Looks like they have the same release cycle as the Top 10 project.
94
Project has not been updated in more than a year.Set as inactive5/1/2015IOWASP Security Principles ProjectDocumentCreative Commons Attribution ShareAlike 3.0 License (best for documentation projects)OWASP_Security_Principles_Projecthttps://www.owasp.org/index.php/OWASP_Security_Principles_ProjectDennis Grovesdennis.groves@owasp.orgJanuary, 2014https://github.com/OWASP/Security-PrinciplesDecember, 2015
95
This is an educationbal initiative, not really a project standard categoryMay,2015IOWASP Media ProjectDocumentCreative Commons Attribution ShareAlike 3.0 License (best for documentation projects)OWASP_Media_Projecthttps://www.owasp.org/index.php/OWASP_Media_ProjectJonathan MarcilJonathan.Marcil@owasp.orgJuly, 2014https://www.youtube.com/user/OWASPGLOBALDecember, 2015Uploads new videos after AppSec events.
96
This is an educationbal initiative, not really a project standard categoryMay,2015IOWASP Global Chapter Meetings ProjectDocumentApache 2.0OWASP_Global_Chapter_Meetings_Projecthttps://www.owasp.org/index.php/OWASP_Global_Chapter_Meetings_ProjectYvan BoilyYvanboily@gmail.comNovember, 2013December, 2015The latest global chapter meetup was in November, and there has been no activity since. Project leader had planned to make a push in May or June that didn't happen. Emailed project leader about status of the project.
97
Active.Content doc is continuesly and regular updated so farMay,2015IOWASP Vulnerable Web Applications Directory ProjectDocumentApache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)OWASP_Vulnerable_Web_Applications_Directory_Projecthttps://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_ProjectRaul Silesraul@raulsiles.comJanuary, 2014https://github.com/OWASP/OWASP-VWADDecember, 2015
98
May,2015IOWASP Game Security FrameworkDocumentApache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)OWASP_Game_Security_Frameworkhttps://www.owasp.org/index.php/OWASP_Game_Security_Framework_ProjectJason Haddixjason.haddix@owasp.comDecember, 2015
99
Project has no update in a year and poor content.has been set as inactiveN/AIOWASP Insecure Web Components ProjectDocumentCreative Commons Attribution ShareAlike 3.0 LicenseOWASP_Insecure_Web_Components_Projecthttps://www.owasp.org/index.php/OWASP_Insecure_Web_Components_ProjectTony Uvtonyuv@owasp.orgN/ADecember, 2015Created in January with no release. In April, project leader promised updates in June, which were not posted. Emailed project leaders about the status of the project.
100
DefenderQuite updated content and wiki pageMay,2015IOWASP Reverse Engineering and Code Modification Prevention ProjectDocumentApache 2.0OWASP_Reverse_Engineering_and_Code_Modification_Prevention_Projecthttps://www.owasp.org/index.php/OWASP_Reverse_Engineering_and_Code_Modification_Prevention_ProjectJonathan CarterJonathan.Carter@owasp.orgApril, 2014https://www.owasp.org/images/e/ec/Consequences_of_a_Jailbroken_iDevice.pdfDecember, 2015