##Introduction Many developers and companies looking to implement security are turning towards OWASP to use Defender libraries that they can implement to secure their critical applications. Since this implies a form of trust in OWASP, many users of these projects might forget or not be aware that many of them are Open Source and lack an expected security assurance review, which at the moment is not done by OWASP.

##Repository This repository contains web applications protected by OWASP projects that are running a Bug Bounty. Researchers can download and run locally these applications in order to test their security. Explanation regarding each bounty scope please visit each project page at BugCrowd Bounty Source pages here: ####Running at the moment: *OWASP ZAP : https://bugcrowd.com/owaspzap

*OWASP Java HTML Sanitizer: https://bugcrowd.com/owaspjavasanitizer

*OWASPCRSFGuard:https://bugcrowd.com/owaspcrsfguard

#Issues If you are having issues running the applications,please report your problem as an issue

##FAQ

###I'm a Bug Hunter, how can I participate? Please contact BugCrowd as our Bug Bounty is working through their portal. This Github repository is hosting the web applications for each project, so you can download it and run it into your own ennvironment. If you have issues running the application, please create an issue in this repository.

For additional inquiries about the OWASP Bug Bounty program, contact [email protected].

###Is the Bug Bounty open to all Researchers? Yes, just keep in mind that you need to be registered as researcher on the Bugcrowd platform.