Awesome Open Source

Programming Languages

Search results for security application security

application-security x

98 search results found

Cheatsheetseries ⭐ 26,354

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Zaproxy ⭐ 11,661

The ZAP core project

Dirsearch ⭐ 11,165

Web path scanner

Juice Shop ⭐ 9,406

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Awesome Appsec ⭐ 5,722

A curated list of resources for learning about application security

Awesome Web Hacking ⭐ 5,260

A list of web application security

Whatweb ⭐ 5,096

Next generation web scanner

Faraday ⭐ 4,422

Open Source Vulnerability Management Platform

w3af: web application attack and audit framework, the open source web vulnerability scanner.

Django Defectdojo ⭐ 3,336

DevSecOps, ASPM, Vulnerability Management. All on one platform.

Interactsh ⭐ 2,879

An OOB interaction gathering server and client library

Command Injection Payload List ⭐ 2,375

🎯 Command Injection Payload List

Dependency Track ⭐ 2,119

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Content ⭐ 2,065

Security automation content in SCAP, Bash, Ansible, and other formats

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

Cicd Goat ⭐ 1,723

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

Bearer ⭐ 1,554

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Metlo ⭐ 1,537

Metlo is an open-source API security platform.

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

Devsecops ⭐ 1,451

♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎

Publications ⭐ 1,270

Publications from Trail of Bits

Awesome Threat Modelling ⭐ 1,148

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

Awesome Devsecops ⭐ 1,128

Curating the best DevSecOps resources and tooling.

Mutillidae ⭐ 1,113

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.

Janusec ⭐ 1,082

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关，提供安全的接入，包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负

Www Community ⭐ 982

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

Appsecezine ⭐ 968

AppSec Ezine Public Repository.

Awesome Php Security ⭐ 886

Awesome PHP Security Resources 🕶🐘🔐

Breaking And Pwning Apps And Servers Aws Azure Training ⭐ 885

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Security ⭐ 830

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

Railsgoat ⭐ 827

A vulnerable version of Rails that follows the OWASP Top 10

Zap Extensions ⭐ 781

Leaky Paths ⭐ 746

A collection of special paths linked to common internal paths, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

Open-Source Security Architecture | 开源安全架构

Securecodebox ⭐ 667

secureCodeBox (SCB) - continuous secure delivery out of the box

Damn Vulnerable Bank ⭐ 600

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

Jackhammer ⭐ 599

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Dd Trace Go ⭐ 575

Datadog Go Library including APM tracing, profiling, and security monitoring.

Race The Web ⭐ 569

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

Dependency Check Sonar Plugin ⭐ 532

Integrates Dependency-Check reports into SonarQube

Application Security ⭐ 519

Resources for Application Security including Web, API, Android, iOS and Thick Client

一款社区驱动的免费、高性能、高扩展顶级Web应用和API安全防护产品-南墙

Airship ⭐ 424

Secure Content Management for the Modern Web - "The sky is only the beginning"

Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

Dd Trace Php ⭐ 374

Datadog PHP Clients

Awesome Nginx Security ⭐ 373

🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)

Poc Graphql ⭐ 371

Research on GraphQL from an AppSec point of view.

Web application vulnerability scanner

Badsecrets ⭐ 353

A library for detecting known secrets across many web frameworks

Njsscan ⭐ 318

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Watchdog ⭐ 309

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Security Champions Playbook ⭐ 287

Security Champions Playbook v 2.1

Threatplaybook ⭐ 266

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

Sbt Dependency Check ⭐ 259

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Vulnerableapp ⭐ 236

OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.

SecHub provides a central API to test software with different security tools.

Spamscope ⭐ 224

Fast Advanced Spam Analysis Tool

Javasecurity ⭐ 224

Java web and command line applications demonstrating various security topics

Rfi Lfi Payload List ⭐ 224

🎯 RFI/LFI Payload List

Collect crash (or UndefinedBehaviorSanitizer error) reports, triage, and estimate severity.

Awesome Ios Security ⭐ 201

A curated list of awesome iOS application security resources.

Application Security Engineer Interview Questions ⭐ 174

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Security_ninjas_appsec_training ⭐ 170

OpenDNS application security training program

Top Spring Security Architecture ⭐ 169

Spring Security Architecture:: Topical guide to Spring Security, how the bits fit together and how they interact with Spring Boot

Patches ⭐ 168

A centralized repository of standalone security patches for open source libraries.

Oversecuredvulnerableiosapp ⭐ 165

Oversecured Vulnerable iOS App

Securityrat ⭐ 162

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

Riskassessmentframework ⭐ 161

The Secure Coding Framework

Web Methodology ⭐ 161

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

Security Skills Career Roadmap ⭐ 156

Skills and career roadmap for various security roles like appsec, cloud security, devsecops, security engineer, security researchers, pentesting, api security, network security, mobile security and so on.with helpful resources, guidelines

Continuous Threat Modeling ⭐ 154

A Continuous Threat Modeling methodology

Pycript ⭐ 153

Burp Suite extension for bypassing client-side encryption using custom logic for pentesting and bug bounty

intentionally vuln web Application Security in django

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

Determine whether your compute is truly vulnerable to a specific vulnerability by accounting for all factors which affect *actual* exploitability (runtime execution, configuration, permissions, existence of a mitigation, OS, etc..)

Faction ⭐ 133

Pen Test Report Generation and Assessment Collaboration

Cross-site scripting labs for web application security enthusiasts

Dependency Check Plugin ⭐ 124

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

Kurukshetra ⭐ 124

Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.

Vulnplanet ⭐ 123

Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)

Infosec Interview Questions ⭐ 111

🗒️ A [work-in-progress] collection for interview questions for Information Security roles

Owasp Summit 2017 ⭐ 110

Content for OWASP Summit 2017 site

Bag Of Holding ⭐ 107

An application to assist in the organization and prioritization of software security activities.

List Of Web Application Security ⭐ 107

List of web application security

Libsast ⭐ 106

Generic SAST Library

Extreme Vulnerable Node Application

S8cn8tes ⭐ 91

Cyber Security Notes, Methodology, Resources and Tips

Jwt Fuzzer ⭐ 90

App Sec Wiki ⭐ 88

Files for appsecwiki.com

Appsec Resources ⭐ 87

Resources for developers and security engineers to learn the ropes of application security

Guardian Rs ⭐ 83

x86-64 code/pe virtualizer

Sdk Golang ⭐ 80

Ziti SDK for Golang

Dvfaas Damn Vulnerable Functions As A Service ⭐ 78

Intentionally Vulnerable Serverless Functions to understand the specifics of Serverless Security Vulnerabilities

Vulnerable Client-Server Application (VuCSA) is made for learning how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface) and contains multiple challenges including SQL injection, RCE, XML vulnerabilities and more.

All-in-one tool for managing vulnerability reports from AppSec pipelines

Tool for breaking into web applications.

Essential Nodejs Security Book ⭐ 69

Documentation for Essential Node.js Security

Cryptonice ⭐ 67

CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration and supporting protocols such as HTTP2 and DNS.

Resources For Application Security ⭐ 67

Some good resources for getting started with application security

Related Searches

Security Vulnerabilities (12,295)

Laravel Security (11,580)

Php Security (10,611)

Python Security (3,386)

Javascript Security (3,004)

Java Security (2,474)

Html Security (2,284)

Security Spring (1,421)

Golang Security (1,316)

Shell Security (1,213)

1-98 of 98 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2024 Awesome Open Source. All rights reserved.