Celebrating real impact, strong mentorship, and a growing community
The Google Summer of Code (GSoC) 2025 program has wrapped, and OWASP's participation once again delivered meaningful improvements across the open-source security ecosystem. This year, 15 contributors worked across multiple OWASP projects, supported by 26 mentors. Of the 15 projects evaluated, 10 reached successful completion, three are still working on their final deliverables under extended deadlines, and two unfortunately did not make the finish line.
Beyond code merged and features shipped, GSoC 2025 strengthened the pipeline of new contributors, future maintainers, and next-year mentors. Here's a closer look at what we achieved together.
Migrated the API toward Django Ninja, optimizing REST endpoints and paving the way for clearer schemas, better performance, and more maintainable service boundaries.
A major upgrade to OWASP PyGoat, the educational vulnerable app, focusing on modular architecture, clearer lab flows, and better secure-coding learning outcomes.
Enhanced OWASP Nettacker with better reconnaissance scanning features and optimized task handling to reduce noise, improve reliability, and streamline operator feedback loops.
Modernized the Man-in-the-Middle proxy inside OWASP OWTF to improve stability and compatibility with evolving browser/proxy ecosystems.
Optimized gap analysis with improved Neo4j performance, AI-driven mappings between CREs and controls, and enhanced visualizations. Upgraded the frontend for greater usability, responsiveness, and clarity.
Several impactful projects were developed to enhance open-source security, education, and contributor engagement:
Together, these projects significantly advanced the usability, security, and educational value of the OWASP BLT ecosystem.
Successful projects started with achievable milestones, then iterated toward stretch goals. Weekly demos, small PRs, and fast feedback helped contributors maintain momentum.
Mentors and contributors kept a regular rhythm: weekly 1:1s, short written updates, and community calls, so risks surfaced early and success was visible to the wider community.
Lightning talks, end-of-program showcases, and social posts gave contributors credit and confidence, while helping other projects discover reusable ideas.
As contributors matured, they took on triage, code reviews, or small leadership tasks.
The Community Bonding period is where retention begins. This year we emphasized:
If you're interested in contributing or mentoring in GSoC 2026, keep an eye on OWASP community channels for timelines, idea lists, and onboarding sessions. Let's build on the momentum of 2025 together!
Heartfelt thanks to our contributors & mentors and the wider OWASP community. Whether you shipped a feature, reviewed code, wrote docs, or helped someone get unblocked -- you moved AppSec forward.