OWTF's current architecture has four systemic bottlenecks: workers that sit idle between single-task fetches, a FIFO scheduler with no priority or...
Optimize Nest GraphQL API and CI/CD.
Ahmed Gouda
The project should fix the N+1 query problems across the project with DataLoaders. The file run-ci-cd.yaml should be split into 5 files and...
Build a cybersecurity guardian that protects a person’s digital life in real time
Ananya19
This project aims to evolve the existing BLT-Vanish privacy management platform into a proactive, real-time identity defense system. While the...
OWASP Pulse & OWASP Contributor Recognition Program
Anurag Yadav (anurag2787)
This project enhances OWASP Nest by improving visibility of activity and recognition of contributors. OWASP Pulse provides a near real-time feed that...
OWASP FinBot: Guardrail & Detection Framework for Agentic AI CTF
ashike25
OWASP FinBot is a security learning tool that lets people practice attacking AI agent systems in a safe environment. Right now it only teaches how to...
Add the EoP Game to the card browser
Ayman Algamal
Currently, the EoP deck is not browsable or accessible through Cornucopia's API, blocking integration with OWASP Threat Dragon. This project adds a...
OWASP Community Snapshots
harshitverma.
The current OWASP Snapshot system is passive and requires manual updates, forcing community members to constantly check the website to see what has...
OpenCRE Noise & Relevance Filtering Pipeline
Manshu Saini
This project addresses the challenge of distinguishing meaningful security knowledge from noisy or irrelevant changes in OWASP repositories....
BLT Next
Md Kaif Ansari
The BLT-Next proposal covers the full migration from a Django monolith to a static frontend on GitHub Pages with Cloudflare Python Workers at the edge. The...
AI Agent for Security User Story Generation from Cornucopia
Md Mahaboobunnisa
Development teams using OWASP Cornucopia for threat modelling have no automated way to turn played cards into actionable Jira user stories - this...
Automating Print-Ready PDF Generation for OWASP Cornucopia using Scribus
Mradul Tiwari
This proposal focuses on automating the generation of print-ready PDFs for OWASP Cornucopia by replacing the current InDesign-dependent workflow with...
FinBot CTF Guardrail and Detection Framework
Muhammad Daniyal
FinBot CTF has no defensive layer: players can exploit agentic AI vulnerabilities but can't learn to stop them. This project fixes that gap. I'll...
OWASP FinBot Guardrail Framework and Realistic Agentic Security Scenarios
Nitin Awari
This project extends OWASP FinBot by implementing a guardrail and detection framework for agent-based AI systems. The system will monitor tool usage,...
OWASP OpenCRE Module A: Incremental Information Harvesting Pipeline
ParthAggarwal
OpenCRE currently lacks an automated mechanism to continuously monitor upstream security knowledge sources such as OWASP repositories and detect...
Community Driven Plugin Ecosystem for OWTF
piyushgupta
OWTF right now has a fixed set of plugins. If a security researcher wants to add a new tool or technique, there is no way to do it without touching...
OWASP Agent - Module C: The Librarian (OpenCRE)
PRATEEKSINGHWY
The OWASP Agent - Module C: The Librarian (OpenCRE) project makes it possible to use continuously changing OWASP guidance inside OpenCRE, while...
NetGuardian is a zero-trust ingestion and triage pipeline that connects distributed security producers to BLT. A Cloudflare Python Worker sits at the...
OWASP Web Application Honeypot - Adaptive Intelligence Platform
R1sh0bh
The OWASP Web Application Honeypot is the only open community project focused on the HTTP application layer, but it currently sits as a dormant...
FinBot CTF is OWASP's premier learning environment for agentic AI security, yet it currently operates solely as an offensive arena. Practitioners can...
Nest - OWASP Board Activity and Candidate Verification Framework
Rudransh Shrivastava
This project improves transparency in OWASP Board of Directors elections by implementing a verified candidate claims system with a structured...
BLT University: Interactive Security Labs with Vulnerability Insights
Sakshee suman
BLT University is an interactive security learning platform built on top of OWASP BLT that transforms existing labs into hands-on, code-driven...
PyGoat v3 – Microservices, Labs, and Learning Paths
samyak003
This proposal outlines the modernization of PyGoat, focusing on scalability and a future-proof curriculum. The top priority is a complete structural and...
MiTM Proxy Upgrade for OWTF
saurabh42
OWTF's proxy silently drops every HTTPS transaction, blocks the entire event loop during live interception, and is written in deprecated Tornado...
Modernizing the DSOMM Application: Angular 13 to 21
sawankshrma
DSOMM's Angular frontend currently runs on Angular 13, a version that reached end-of-life in 2023 and is eight major versions behind the latest...
Guardrail Framework and Blue Track for OWASP FinBot CTF
stealthwhiz
FinBot CTF has 16 Red track challenges where players attack a live AI agent. There is no defense side. Players can learn to exploit the agent but...