OWASP

live DeveloperLegal

OWASP security standards: the Top 10 families (Web, API, LLM/GenAI, Mobile), the ASVS 5.0 verification requirements with citable ids and levels, and the Cheat Sheet Series as live guidance.

4 tools
0ms auth
free tier 50 calls/day

Tools

top10

An OWASP Top 10 list with each category id, name, summary and the canonical URL. Lists: "web" (2021), "api" (2023), "llm" (LLM/GenAI applications 2025), "mobile" (2024). Use for awareness, mapping a f

No parameters required.

Try it
asvs_chapters

Table of contents for the OWASP ASVS 5.0 (Application Security Verification Standard): the 17 chapters (V1–V17) with names and requirement counts per assurance level. Use to discover which chapter to

No parameters required.

Try it
asvs_requirements

Testable security requirements from OWASP ASVS 5.0, each with its verification id (e.g. "V6.2.1"), section, level (L1/L2/L3) and text — the citable controls layer. Filter by chapter, level and/or keyw

No parameters required.

Try it
cheat_sheet

OWASP Cheat Sheet Series — concise, practical defensive guidance. With a topic, returns the matching cheat sheet as Markdown (or candidate matches if ambiguous). Without a topic, lists all available c

No parameters required.

Try it

Test with curl

The gateway speaks JSON-RPC 2.0 over HTTP POST. You can test any pack directly from the terminal.

List available tools
bash 
curl -X POST https://gateway.pipeworx.io/owasp/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'
Call a tool
bash 
curl -X POST https://gateway.pipeworx.io/owasp/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"top10","arguments":{}}}'

Use with the SDK

Install @pipeworx/sdk to call tools from any TypeScript/Node project.

TypeScript 
import { Pipeworx } from '@pipeworx/sdk';
const px = new Pipeworx();
const result = await px.call("top10", {});
ask_pipeworx 
// Or ask in plain English:
const answer = await px.ask("owasp security standards: the top 10 families (web, api, llm/genai, mobile), the asvs 5");

Related packs

Other Pipeworx packs in the same categories (Developer, Legal):

SPDX License List

Canonical SPDX open-source license list with full text and OSI/FSF flags. Keyless.

4 tools
EUR-Lex

Official EU law, article-level: search legislation and quote GDPR, NIS2, DORA, the EU AI Act and the rest of the EU digital/compliance corpus with verifiable EUR-Lex citations.

6 tools
GovInfo

Full text of US government publications — laws, CFR, Federal Register, hearings, public laws. Reuses your data.gov key.

5 tools
ISO Standards

Search and look up the full ISO catalogue (~80k deliverables): reference, title, abstract, publication status, edition, ICS, committee and supersession chain, with the correct iso.org link and a best-effort price. Backed by ISO Open Data; normative clause text stays paywalled.

4 tools
OpenStates

Bills, legislators, votes in all 50 US states. Closes the federal-vs-state gap left by congress / propublica-congress.

4 tools
Regulations.gov

Federal regulatory dockets, documents, and public comments. Reuses your data.gov API key.

5 tools