Welcome to the OWASP Global Projects Page

An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. OWASP currently has ‘over ‘93’ active projects’, and new project applications are submitted every week.


This is one of the most popular divisions of OWASP as it gives members an opportunity to freely test theories and ideas with the professional advice and support of the OWASP community. Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any project by visiting the OWASP Project Mailing Lists page. A summary of recent project announcements is available on the OWASP Updates page.

Download the OWASP Project Handbook 2014

Or read the wiki version: OWASP Project Handbook Wiki 2014

Project Online Resources

Who Should Start an OWASP Project?

  • Application Developers.
  • Software Architects.
  • Information Security Authors.
  • Those who would like the support of a world wide professional community to develop or test an idea.
  • Anyone wishing to take advantage of the professional body of knowledge OWASP has to offer.

Fund Information

OWASP Project Inventory All OWASP tools, document, and code library projects are organized into the following categories:

Flagship Projects: The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.
Lab Projects: OWASP Labs projects represent projects that have produced an OWASP reviewed deliverable of value.
Incubator Projects: OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.

List of Projects by Level or Type

Flagship Projects Flagship

Lab Projects Lab

Incubator Projects Incubator

Projects Needing Website Update

Flagship Projects

Projects that have demonstrated strategic value to OWASP and application security as a whole

Tool Projects

OWASP Csrfguard

More info soon…

OWASP Dependency Check

Dependency-Check is a software composition analysis utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities.

OWASP Dependency Track

Intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.

OWASP Juice Shop

Probably the most modern and sophisticated insecure web application for security trainings, awareness demos and CTFs. Also great voluntary guinea pig for your security tools and DevSecOps pipelines!

OWASP Security Knowledge Framework

More info soon…


The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Great for pentesters, devs, QA, and CI/CD integration.

Documentation Projects

OWASP Cheat Sheets

More info soon…

OWASP Mobile Security Testing Guide

More info soon…


More info soon…

OWASP Testing

The OWASP Web Security Testing Guide includes a “best practice” penetration testing framework which users can implement in their own organizations and a “low level” penetration testing guide that describes techniques for testing most common web application and web service security issues.

Code Projects

OWASP Modsecurity Core Rule Set

More info soon…