Best OWASP MCP Servers
The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software through community-led open source software projects, hundreds of chapters worldwide, tens of thousands of members, and by hosting local and global conferences.
Why this server?
Provides comprehensive coverage of OWASP ASI01-ASI10 security requirements for AI systems as part of SINT's security framework for physical AI.
Grades: license A, quality A, maintenance C
Security-enforcing MCP proxy that sits between an AI agent and any number of downstream MCP servers, intercepting every tool call through a capability-token policy gateway that can allow, deny, or escalate to human approval before the call reaches any real tool. It also exposes built-in operator tools for approval workflows, audit trail queries, token management, voice/HUD output, and hierarchical

Why this server?
Implements OWASP-aligned security checks through the test_security tool to validate authentication flows against security standards.
Grades: license A, quality B, maintenance B
Enables enterprise-grade authentication management with secure credential handling and support for multi-protocol auth, complete with tools for analyzing, setting up, and testing authentication systems.
License: AGPL 3.0

Why this server?
Provides comprehensive access to OWASP security documentation, including detailed information on the OWASP Top 10 vulnerabilities and security cheat sheets.
Grades: license A, quality A, maintenance C
Provides instant access to authoritative security documentation from organizations like OWASP, NIST, and major cloud providers through natural language semantic search. It enables users to retrieve security best practices, frameworks, and vulnerability information directly from a locally cached knowledge base.
License: MIT

Why this server?
Supports implementation of protection against OWASP top 10 vulnerabilities through rule creation and configuration.
Grades: license A, quality B, maintenance C
Provides seamless integration with Fastly's Next-Gen Web Application Firewall API, enabling AI assistants to manage web application security through natural language interactions.

Why this server?
Integrates OWASP security guidelines and references for vulnerability classifications and remediation advice, mapping detected issues to OWASP Top 10 categories.
Grades: license A, quality A, maintenance C
A security-focused server that integrates with Cursor IDE to provide real-time vulnerability detection, exploit generation, and security insights during software development.
License: MIT

Why this server?
Implements OWASP-aligned security checks for authentication systems, allowing validation against industry-standard security practices.
Grades: license A, quality B, maintenance C
Enterprise-grade authentication solution that provides secure credential management with encryption, multi-protocol authentication (OAuth2, SAML, LDAP), and real-time threat detection for applications.
License: AGPL 3.0

Why this server?
Conducts security audits and vulnerability scanning with OWASP compliance checking.
Grades: license A, quality B, maintenance -
Houtini LM - LM Studio MCP Server with Expert Prompt Library and Custom Prompting - Offload tasks to LM Studio from Claude Desktop.

Why this server?
Provides comprehensive integration with OWASP ZAP for automated web crawling (spider scans), active vulnerability scanning, proxy integration, alert management, and security context configuration.
Grades: license A, quality B, maintenance C
AI-powered bug bounty hunting platform that integrates security tools (OWASP ZAP, Caido, Burp Suite) for automated reconnaissance, vulnerability testing, JavaScript analysis, and finding management with PostgreSQL storage.
License: MIT

Why this server?
Maps detected security findings to OWASP categories and standards to provide industry-standard vulnerability context.
Grades: license A, quality A, maintenance C
An AI-powered security audit tool that analyzes codebases for vulnerabilities using real-time MITRE CWE data and npm audit. It enables users to perform comprehensive scans for authentication issues, exposed secrets, and dependency risks with structured remediation steps.