OWASP flagship web app scanner and proxy: automated checks, manual request tampering, scripting, and CI integrations.
Top pick
pentest, web, dast, owasp, proxy
Top pick
Attack surface mapping engine: DNS, certificates, APIs, scraping, and graphing for deep asset discovery.
pentest, osint, asm, owasp
Also strong
Static analysis engine matching AST patterns—rules for OWASP classes, secrets, and custom policies.
sast, devsecops, static-analysis, owasp
Also strong
Web application firewall engine for Apache, nginx, and IIS with OWASP CRS rule sets and audit logging.
waf, web, owasp, reverse-proxy
Also strong
Continuous SBOM analysis platform tracking component vulnerabilities, policies, and audit trails for supply chain risk.
sbom, supply-chain, owasp, vulnerability, self-hosted
Top pick
Community awareness document for critical web application risks.
owasp, web, standards
