OWASP DevSlop Modules

DevSlop has different modules that make up the project. You can use one, some, or all of them. They are all maintained to function independantly of each other.


Details to follow on Pixi-CRS. This module is lead by Franziska B├╝hler.

Code to be found here.


This website is the Patty Module proof of concept! Built with an Azure + ASP.Net Core DevSecOps pipeline, it releases this website/web app through the pipeline to demonstrate implemented security automation. Check out Patty! This module is lead by Tanya Janca.

The Patty video series: YouTube. Code for the this website, Devslop.co, is here.


DevSlop's Pixi, the first of many applications to come for this OWASP project, is currently publicly available for your hacking and learning pleasure. Pixi is available in several docker containers and consists of a vulnerable web app and API service. The intent is to teach users how to test modern web applications and API's for security issues and how to write more secure API's in the future. This module is lead by This module is lead by Nicole Becher, with help from Mordecai Kraushar and Tanya Janca.

Code to be found here.