Awesome Open Source
Search results for application security
363 search results found
Riskassessmentframework
⭐
161
The Secure Coding Framework
Security Skills Career Roadmap
⭐
156
Skills and career roadmap for various security roles like appsec, cloud security, devsecops, security engineer, security researchers, pentesting, api security, network security, mobile security and so on. With helpful resources, guidelines
Continuous Threat Modeling
⭐
154
A Continuous Threat Modeling methodology
Awesome Policy As Code
⭐
154
A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.
Pycript
⭐
153
Burp Suite extension for bypassing client-side encryption using custom logic for pentesting and bug bounty
Auth_analyzer
⭐
146
Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.
Evabs
⭐
141
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
Pygoat
⭐
141
Intentionally vulnerable web Application Security in Django
Mi X
⭐
138
Determine whether your compute is truly vulnerable to a specific vulnerability by accounting for all factors which affect *actual* exploitability (runtime execution, configuration, permissions, existence of a mitigation, OS, etc.)
Vulnerable Soap Service
⭐
138
Erlik - Vulnerable Soap Service
Domscan
⭐
133
Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.
Faction
⭐
133
Pen Test Report Generation and Assessment Collaboration
0l4bs
⭐
131
Cross-site scripting labs for web application security enthusiasts
Backup Finder
⭐
129
A Burp Suite extension that reviews backup, old, temporary and unreferenced files on a web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)
Session Hijacking Visual Exploitation
⭐
127
Session Hijacking Visual Exploitation
Nerdbug
⭐
125
Full Nuclei automation script with logic explanation.
Dependency Check Plugin
⭐
124
Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).
Kurukshetra
⭐
124
Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.
Vulnplanet
⭐
123
Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)
Vulnerable Flask App
⭐
121
Erlik 2 - Vulnerable-Flask-App
Infosec Interview Questions
⭐
111
🗒️ A [work-in-progress] collection for interview questions for Information Security roles
Admin Panel_finder
⭐
110
A Burp Suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)
Owasp Summit 2017
⭐
110
Content for OWASP Summit 2017 site
Purpleteam
⭐
108
CLI component of OWASP PurpleTeam
Solutions Bwapp
⭐
108
In-progress rough solutions to bWAPP / bee-box
Blisqy
⭐
107
Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).
List Of Web Application Security
⭐
107
List of web application security
Bag Of Holding
⭐
107
An application to assist in the organization and prioritization of software security activities.
Libsast
⭐
106
Generic SAST Library
Websocket Fuzzer
⭐
100
HTML5 WebSocket message fuzzer
Jwtweak
⭐
99
Detects the algorithm of the input JWT token and provides options to generate a new JWT token based on the user-selected algorithm.
Swisskyrepo Payloadsallthethings
⭐
96
https://github.com/swisskyrepo/PayloadsAllTheThing
Azure Cloud
⭐
94
Here you will find various Azure Demos & Tutorials that I've put together for Azure Cloud using DevOps, Container Services and other PaaS offerings.
Xvna
⭐
93
Extreme Vulnerable Node Application
Oob Server
⭐
92
A Bind9 server for pentesters to use for Out-of-Band vulnerabilities
Blt
⭐
91
OWASP BLT is a bug logging tool to report issues and get points; companies are held accountable.
S8cn8tes
⭐
91
Cyber Security Notes, Methodology, Resources and Tips
Jwt Fuzzer
⭐
90
JWT fuzzer
App Sec Wiki
⭐
88
Files for appsecwiki.com
Appsec Resources
⭐
87
Resources for developers and security engineers to learn the ropes of application security
Guardian Rs
⭐
83
x86-64 code/pe virtualizer
Cve 2020 5398
⭐
82
💣 CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC
Sdk Golang
⭐
80
Ziti SDK for Golang
Vucsa
⭐
78
Vulnerable Client-Server Application (VuCSA) is made for learning how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface) and contains multiple challenges including SQL injection, RCE, XML vulnerabilities and more.
Dvfaas Damn Vulnerable Functions As A Service
⭐
78
Intentionally Vulnerable Serverless Functions to understand the specifics of Serverless Security Vulnerabilities
Safeurl
⭐
78
A Server Side Request Forgery (SSRF) protection library. Made with 🖤 by Doyensec LLC.
Cybersecurityroadmapsuggestions
⭐
77
This repository contains a list of roadmaps I created with my suggestions on LinkedIn and Twitter.🤞🏻😌
Unsafe_bank
⭐
77
Vulnerable Banking Suite
Purify
⭐
76
All-in-one tool for managing vulnerability reports from AppSec pipelines
Jawfish
⭐
72
Tool for breaking into web applications.
Owasp Wte
⭐
71
Home of the development for OWASP WTE - the Web Testing Environment, a collection of pre-packaged Linux AppSec tools, apps and documentation used to create pre-configured VMs or installed à la carte in the Linux of your choice.
Vyapi
⭐
71
VyAPI - A cloud based vulnerable hybrid Android App
Essential Nodejs Security Book
⭐
69
Documentation for Essential Node.js Security
Threatmodel Sdk
⭐
68
A Java library for parsing and programmatically using threat models
Cryptonice
⭐
67
CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration and supporting protocols such as HTTP2 and DNS.
Using Docker Kubernetes For Automating Appsec And Osint Workflows
⭐
67
Repository for all the workshop content delivered at nullcon X on 1st of March 2019
Resources For Application Security
⭐
67
Some good resources for getting started with application security
Zap Sonar Plugin
⭐
66
Integrates OWASP Zed Attack Proxy reports into SonarQube
Grepmarx
⭐
66
A source code static analysis platform for AppSec enthusiasts.
Bookmarks
⭐
64
A Burp Suite Extension to take back your repeater tabs
Ttt Pushing Left
⭐
64
This repository will teach you how to do my talk "Pushing Left, Like a Boss".
Template Injection Workshop
⭐
62
Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and FreeMarker engines.
2ms
⭐
62
Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git
D4rkxss
⭐
61
A list of useful payloads and bypasses for Web Application Security and Bug Bounty/CTF
Ziti Sdk C
⭐
61
A C-based sdk for delivering secure applications over a Ziti Network
Scorebot
⭐
59
Awesome Application Security
⭐
58
awesome application security chinese version
Mssqli Duet
⭐
57
SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing
Www Project Top 10 Low Code No Code Security Risks
⭐
56
OWASP Low-Code/No-Code Top 10
Www Project Threat Dragon
⭐
56
OWASP Foundation Threat Dragon Project Web Repository
Sqli Postgres Rce Privesc Hacking Playground
⭐
52
Application with SQL Injection vulnerability and possible privilege escalation. Free vulnerable app for ethical hacking / penetration testing training.
Ziti Sdk Nodejs
⭐
51
An SDK for embedding zero trust into Node.JS applications and web servers to improve security.
Vimana Framework
⭐
50
Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.
Pentest Tools
⭐
48
Penetration Testing Tools Developed by AppSec Consulting.
Aquatone
⭐
48
A Tool for Domain Flyovers
Boast
⭐
47
The BOAST Outpost for AppSec Testing (v0.1.2)
Ziti Sdk Jvm
⭐
47
Ziti SDK for JVM
Ziti Sdk Py
⭐
45
Ziti SDK for Python
Sandboxed Fs
⭐
44
Sandbox wrapper for Node.js File System API 💾
Gore
⭐
43
A modular bug hunting and web application pentesting framework written in Go
Metasecjs
⭐
42
MetaSec.js combines all the free open-source security tools to identify issues with JavaScript and automates the boring parts
Ziti Sdk Swift
⭐
42
An OpenZiti SDK for Swift
Php Future
⭐
41
Polyfilling new features into old versions of PHP
Multiscanner
⭐
40
Security tool which scans a target using OpenVAS, Zap, and Nexpose, and consolidates the scan results.
Hiccup
⭐
40
[DEPRECATED] Hiccup is a framework that allows the Burp Suite (a web application security testing tool, http://portswigger.net/burp/) to be extended and customized, through the interface provided by Burp Extender (http://portswigger.net/burp/extender/). Its aim is to allow for the development and integration of custom testing functionality into the Burp tool using Python request/response handler plugins.
Ziti Tunnel Sdk C
⭐
39
Www Project Machine Learning Security Top 10
⭐
39
OWASP Machine Learning Security Top 10 Project
Authjanitor
⭐
39
Manage the lifecycle of application tokens, keys, and secrets in Azure
Pentestingeverything
⭐
38
Web | Mobile | API | Thick Client | Source Code Review | Wireless | Network Pentesting etc...
Ssi_extra_materials
⭐
38
In my computer security courses I make extensive use of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them.
Ziti Sdk Csharp
⭐
37
A C#-based SDK to access Ziti
Www Project Code Review Guide
⭐
37
OWASP Code Review Guide Web Repository
Embeddedappsec
⭐
37
Embedded AppSec Best Practices
Dependency Track Plugin
⭐
37
Main repository for the official Dependency-Track Jenkins plugin
Obsidiansailboat
⭐
35
Nmap and NSE command line wrapper in the style of Metasploit
Osspolice
⭐
34
Identifying Open-Source License Violation and 1-day Security Risk at Large Scale
Awesome Security Articles
⭐
34
This repository contains links to awesome security articles.
Tictaac
⭐
34
Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. Sugar-Free and Secure: no external dependencies except for chart plotting are used.
Ukraine Infosec Conferences
⭐
34
Announcements, programs, and an archive of materials from Ukrainian cyber-security conferences.
Magento1 Open Source Patches
⭐
33
Magento Open Source 1.x patches mirror repository.
101-200 of 363 search results
Copyright 2018-2024 Awesome Open Source. All rights reserved.