Awesome Open Source
Search results for application security
363 search results found
Cheatsheetseries
⭐
26,354
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Zaproxy
⭐
11,661
The ZAP core project
Dirsearch
⭐
11,165
Web path scanner
Juice Shop
⭐
9,406
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Wstg
⭐
6,220
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Awesome Appsec
⭐
5,722
A curated list of resources for learning about application security
Awesome Web Hacking
⭐
5,260
A list of web application security
Whatweb
⭐
5,096
Next generation web scanner
Go Scp
⭐
4,689
Golang Secure Coding Practices guide
Faraday
⭐
4,422
Open Source Vulnerability Management Platform
W3af
⭐
4,142
w3af: web application attack and audit framework, the open source web vulnerability scanner.
Security Study Plan
⭐
3,949
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
Django Defectdojo
⭐
3,336
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Payloads
⭐
3,289
Git All the Payloads! A collection of web attack payloads.
Interactsh
⭐
2,879
An OOB interaction gathering server and client library
Command Injection Payload List
⭐
2,375
🎯 Command Injection Payload List
Dependency Track
⭐
2,119
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Content
⭐
2,065
Security automation content in SCAP, Bash, Ansible, and other formats
Kics
⭐
1,882
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Cicd Goat
⭐
1,723
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
Ziti
⭐
1,698
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
Bearer
⭐
1,554
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Metlo
⭐
1,537
Metlo is an open-source API security platform.
Nope Proxy
⭐
1,507
TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
Xvwa
⭐
1,468
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
Devsecops
⭐
1,451
♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎
Publications
⭐
1,270
Publications from Trail of Bits
Awesome Threat Modelling
⭐
1,148
A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
Awesome Devsecops
⭐
1,128
Curating the best DevSecOps resources and tooling.
Mutillidae
⭐
1,113
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
Janusec
⭐
1,082
JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc.
Androl4b
⭐
1,050
A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
Learn365
⭐
1,006
This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.
Www Community
⭐
982
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
Appsecezine
⭐
968
AppSec Ezine Public Repository.
Vapi
⭐
898
vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
Awesome Php Security
⭐
886
Awesome PHP Security Resources 🕶🐘🔐
Breaking And Pwning Apps And Servers Aws Azure Training
⭐
885
Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!
Kamus
⭐
855
An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications
Autorize
⭐
843
Automatic authorization enforcement detection extension for Burp Suite, written in Jython and developed by Barak Tawily to ease the work of application security people and allow them to perform automatic authorization tests
Security
⭐
830
Some of my security stuff and vulnerabilities. Nothing advanced. More to come.
Railsgoat
⭐
827
A vulnerable version of Rails that follows the OWASP Top 10
Owasp Vwad
⭐
790
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
Zap Extensions
⭐
781
ZAP Add-ons
Leaky Paths
⭐
746
A collection of special paths linked to common internal paths, known misconfigurations, juicy APIs, etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Ossa
⭐
711
Open-Source Security Architecture
Sast Scan
⭐
697
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
Securecodebox
⭐
667
secureCodeBox (SCB) - continuous secure delivery out of the box
Damn Vulnerable Bank
⭐
600
Damn Vulnerable Bank is designed to be an intentionally vulnerable Android application. This provides an interface to assess your Android application security hacking skills.
Jackhammer
⭐
599
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Dd Trace Go
⭐
575
Datadog Go Library including APM tracing, profiling, and security monitoring.
Race The Web
⭐
569
Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
Openappsec
⭐
557
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
Dependency Check Sonar Plugin
⭐
532
Integrates Dependency-Check reports into SonarQube
Application Security
⭐
519
Resources for Application Security including Web, API, Android, iOS and Thick Client
Practicalcybersecurityresources
⭐
471
This repository contains a curated list of resources I suggest on LinkedIn and Twitter.📝🌝
Privado
⭐
454
Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.
Uuwaf
⭐
425
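A community-driven, free, high-performance, highly extensible top-tier web application and API security protection product: 南墙 (South Wall)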
Airship
⭐
424
Secure Content Management for the Modern Web - "The sky is only the beginning"
Ovaa
⭐
416
Oversecured Vulnerable Android App
Grab N Run
⭐
416
Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.
Zxhookdetection
⭐
406
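[iOS application security, security attack and defense] Basic protection against and detection of hooking and jailbreaking (dynamic library injection detection, hook detection and protection, jailbreak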
Spoofy
⭐
394
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
Juice Shop Ctf
⭐
391
Tool to export Juice Shop challenges and hints in data format compatible with CTFd, RootTheBox or FBCTF
Awesome Android Reverse Engineering
⭐
376
A curated list of awesome Android Reverse Engineering training, resources, and tools.
Dd Trace Php
⭐
374
Datadog PHP Clients
Awesome Nginx Security
⭐
373
🔥 A curated list of awesome links related to application security in environments with NGINX or Kubernetes Ingress Controller (based on NGINX)
Poc Graphql
⭐
371
Research on GraphQL from an AppSec point of view.
Taipan
⭐
369
Web application vulnerability scanner
Badsecrets
⭐
353
A library for detecting known secrets across many web frameworks
Njsscan
⭐
318
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Watchdog
⭐
309
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Agartha
⭐
292
A Burp extension that creates dynamic payloads to reveal injection flaws (LFI, RCE, SQLi), generates user access tables to spot authentication/authorization issues, and copies HTTP requests as JavaScript code.
Security Champions Playbook
⭐
287
Security Champions Playbook v 2.1
Threatplaybook
⭐
266
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
Sbt Dependency Check
⭐
259
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Jsanity
⭐
257
A secure-by-default, performance, cross-browser client-side HTML sanitization library
Zap Hud
⭐
252
The ZAP Heads Up Display (HUD)
Vulnerableapp
⭐
236
OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
Security Interview Questions
⭐
230
Security interview questions with possible explanation for roles in AppSec, Pentesting, Cloud Security, DevSecOps, Network Security and so on
Threat Model Cookbook
⭐
229
This project is about creating and publishing threat model examples.
Sechub
⭐
228
SecHub provides a central API to test software with different security tools.
Spamscope
⭐
224
Fast Advanced Spam Analysis Tool
Rfi Lfi Payload List
⭐
224
🎯 RFI/LFI Payload List
Javasecurity
⭐
224
Java web and command line applications demonstrating various security topics
Free Rasp Community
⭐
222
SDK providing app protection and threat monitoring for mobile devices, available for Flutter, Cordova, Android and iOS.
Casr
⭐
214
Collect crash (or UndefinedBehaviorSanitizer error) reports, triage, and estimate severity.
Learn365
⭐
207
This repository is about @AnubhavSingh_'s 365 days of Learning Tweets collection.
Awesome Ios Security
⭐
201
A curated list of awesome iOS application security resources.
Nist Data Mirror
⭐
195
A simple Java command-line utility to mirror the CVE JSON data from NIST.
Crimson
⭐
194
Web Application Security Testing Tools
Supee 6788 Toolbox
⭐
194
Analysis/fix tool for extension and customization conflicts resulting from the Magento SUPEE-6788 patch.
Application Security Engineer Interview Questions
⭐
174
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but I felt these questions were important to be asked and some were challenging to answer.
Security_ninjas_appsec_training
⭐
170
OpenDNS application security training program
Top Spring Security Architecture
⭐
169
Spring Security Architecture:: Topical guide to Spring Security, how the bits fit together and how they interact with Spring Boot
Patches
⭐
168
A centralized repository of standalone security patches for open source libraries.
Oversecuredvulnerableiosapp
⭐
165
Oversecured Vulnerable iOS App
Bulwark
⭐
163
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Securityrat
⭐
162
OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development
Web Methodology
⭐
161
Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
1-100 of 363 search results
Copyright 2018-2024 Awesome Open Source. All rights reserved.