Best OWASP MCP Servers

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software through community-led open source software projects, hundreds of chapters worldwide, tens of thousands of members, and by hosting local and global conferences.

View all OWASP MCP Servers

Why this server?
Enriches security audit findings with OWASP security categories and standardized vulnerability references.
VibeCheck MCP Server
Security Code Analysis Testing & QA Tools
philiphess1
A
security
A
license
-
quality
An AI-powered security audit tool that analyzes codebases for vulnerabilities using real-time data from MITRE CWE and npm audit. It enables deep analysis of authentication, API security, and dependencies to provide structured findings and remediation steps.
Last updated 2 months ago
2
3
1
MIT
Why this server?
Maps detected security findings to OWASP categories and standards to provide industry-standard vulnerability context.
VibeCheck MCP Server
Security Code Analysis Testing & QA Tools
BPN-Solutions
A
security
A
license
-
quality
An AI-powered security audit tool that analyzes codebases for vulnerabilities using real-time MITRE CWE data and npm audit. It enables users to perform comprehensive scans for authentication issues, exposed secrets, and dependency risks with structured remediation steps.
Last updated 2 months ago
2
3
MIT
Why this server?
Conducts security audits and vulnerability scanning with OWASP compliance checking
Houtini-lm
Code Analysis Developer Tools Autonomous Agents
houtini-ai
A
security
A
license
-
quality
Houtini LM - LM Studio MCP Server with Expert Prompt Library and Custom Prompting - Offload tasks to LM Studio from Claude Desktop.
Last updated 4 days ago
34
57
18
MIT
Why this server?
Provides comprehensive integration with OWASP ZAP for automated web crawling (spider scans), active vulnerability scanning, proxy integration, alert management, and security context configuration.
VulneraMCP
Penetration Testing Security Testing & QA Tools
telmon95
A
security
A
license
-
quality
AI-powered bug bounty hunting platform that integrates security tools (OWASP ZAP, Caido, Burp Suite) for automated reconnaissance, vulnerability testing, JavaScript analysis, and finding management with PostgreSQL storage.
Last updated 4 months ago
47
26
MIT
Why this server?
Provides comprehensive access to OWASP security documentation, including detailed information on the OWASP Top 10 vulnerabilities and security cheat sheets.
Security Context MCP Server
Documentation Access Search Security
abreed05
A
security
A
license
-
quality
Provides instant access to authoritative security documentation from organizations like OWASP, NIST, and major cloud providers through natural language semantic search. It enables users to retrieve security best practices, frameworks, and vulnerability information directly from a locally cached knowledge base.
Last updated 3 months ago
4
1
MIT
Why this server?
Supports implementation of protection against OWASP top 10 vulnerabilities through rule creation and configuration.
Fastly NGWAF MCP Server
Security Autonomous Agents Remote
purpleax
A
security
A
license
-
quality
Provides seamless integration with Fastly's Next-Gen Web Application Firewall API, enabling AI assistants to manage web application security through natural language interactions.
Last updated 10 months ago
29
1
MIT
Why this server?
Provides structured access to the OWASP Bug Logging Tool (BLT) ecosystem, allowing AI agents to submit issues, triage vulnerabilities, manage security workflows, and track contributor rankings and rewards.
BLT-MCP
Security Testing & QA Tools Penetration Testing
OWASP-BLT
A
security
A
license
-
quality
Provides AI agents with structured access to the OWASP Bug Logging Tool (BLT) ecosystem for logging bugs, triaging issues, and managing security workflows. It enables actions like submitting vulnerabilities, tracking contributor leaderboards, and awarding gamified bacon points through a unified interface.
Last updated 13 days ago
4
9
AGPL 3.0
Why this server?
Provides reference documentation for OWASP Top 10 vulnerability categories to guide security assessment workflows
VibeDefender MCP Server
Penetration Testing Security Documentation Access
yunusj
A
security
A
license
-
quality
Provides security assessment methodology, tool documentation, and step-by-step workflows to guide AI agents through vulnerability scanning, static analysis, and penetration testing of applications and URLs.
Last updated 4 months ago
1
MIT
Why this server?
Integrates OWASP security guidelines and references for vulnerability classifications and remediation advice, mapping detected issues to OWASP Top 10 categories.
Adversary MCP Server
Penetration Testing Code Analysis Developer Tools
brettbergin
A
security
A
license
-
quality
A security-focused server that integrates with Cursor IDE to provide real-time vulnerability detection, exploit generation, and security insights during software development.
Last updated 7 months ago
7
1
MIT