Awesome Open Source
Search results for security application security
98 search results found
Cheatsheetseries
⭐
26,354
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Zaproxy
⭐
11,661
The ZAP core project
Dirsearch
⭐
11,165
Web path scanner
Juice Shop
⭐
9,406
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Wstg
⭐
6,220
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Awesome Appsec
⭐
5,722
A curated list of resources for learning about application security
Awesome Web Hacking
⭐
5,260
A list of web application security
Whatweb
⭐
5,096
Next generation web scanner
Faraday
⭐
4,422
Open Source Vulnerability Management Platform
W3af
⭐
4,142
w3af: web application attack and audit framework, the open source web vulnerability scanner.
Django Defectdojo
⭐
3,336
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Interactsh
⭐
2,879
An OOB interaction gathering server and client library
Command Injection Payload List
⭐
2,375
🎯 Command Injection Payload List
Dependency Track
⭐
2,119
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Content
⭐
2,065
Security automation content in SCAP, Bash, Ansible, and other formats
Kics
⭐
1,882
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Cicd Goat
⭐
1,723
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
Bearer
⭐
1,554
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Metlo
⭐
1,537
Metlo is an open-source API security platform.
Xvwa
⭐
1,468
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
Devsecops
⭐
1,451
♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎
Publications
⭐
1,270
Publications from Trail of Bits
Awesome Threat Modelling
⭐
1,148
A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and initial phases of security review.
Awesome Devsecops
⭐
1,128
Curating the best DevSecOps resources and tooling.
Mutillidae
⭐
1,113
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
Janusec
⭐
1,082
JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance, etc.
Www Community
⭐
982
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
Appsecezine
⭐
968
AppSec Ezine Public Repository.
Awesome Php Security
⭐
886
Awesome PHP Security Resources 🕶🐘🔐
Breaking And Pwning Apps And Servers Aws Azure Training
⭐
885
Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!
Security
⭐
830
Some of my security stuff and vulnerabilities. Nothing advanced. More to come.
Railsgoat
⭐
827
A vulnerable version of Rails that follows the OWASP Top 10
Zap Extensions
⭐
781
ZAP Add-ons
Leaky Paths
⭐
746
A collection of special paths linked to common internal paths, known misconfigurations, juicy APIs, etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick wins.
Ossa
⭐
711
Open-Source Security Architecture
Securecodebox
⭐
667
secureCodeBox (SCB) - continuous secure delivery out of the box
Damn Vulnerable Bank
⭐
600
Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
Jackhammer
⭐
599
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Dd Trace Go
⭐
575
Datadog Go Library including APM tracing, profiling, and security monitoring.
Race The Web
⭐
569
Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
Dependency Check Sonar Plugin
⭐
532
Integrates Dependency-Check reports into SonarQube
Application Security
⭐
519
Resources for Application Security including Web, API, Android, iOS and Thick Client
Uuwaf
⭐
425
A community-driven, free, high-performance, highly extensible, top-tier web application and API security protection product - 南墙
Airship
⭐
424
Secure Content Management for the Modern Web - "The sky is only the beginning"
Spoofy
⭐
394
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
Dd Trace Php
⭐
374
Datadog PHP Clients
Awesome Nginx Security
⭐
373
🔥 A curated list of awesome links related to application security in environments with NGINX or the Kubernetes Ingress Controller (based on NGINX)
Poc Graphql
⭐
371
Research on GraphQL from an AppSec point of view.
Taipan
⭐
369
Web application vulnerability scanner
Badsecrets
⭐
353
A library for detecting known secrets across many web frameworks
Njsscan
⭐
318
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Watchdog
⭐
309
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Security Champions Playbook
⭐
287
Security Champions Playbook v 2.1
Threatplaybook
⭐
266
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
Sbt Dependency Check
⭐
259
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Vulnerableapp
⭐
236
OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
Sechub
⭐
228
SecHub provides a central API to test software with different security tools.
Spamscope
⭐
224
Fast Advanced Spam Analysis Tool
Javasecurity
⭐
224
Java web and command line applications demonstrating various security topics
Rfi Lfi Payload List
⭐
224
🎯 RFI/LFI Payload List
Casr
⭐
214
Collect crash (or UndefinedBehaviorSanitizer error) reports, triage, and estimate severity.
Awesome Ios Security
⭐
201
A curated list of awesome iOS application security resources.
Application Security Engineer Interview Questions
⭐
174
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list, but I felt these questions were important to be asked and some were challenging to answer
Security_ninjas_appsec_training
⭐
170
OpenDNS application security training program
Top Spring Security Architecture
⭐
169
Spring Security Architecture: Topical guide to Spring Security, how the bits fit together and how they interact with Spring Boot
Patches
⭐
168
A centralized repository of standalone security patches for open source libraries.
Oversecuredvulnerableiosapp
⭐
165
Oversecured Vulnerable iOS App
Securityrat
⭐
162
OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development
Riskassessmentframework
⭐
161
The Secure Coding Framework
Web Methodology
⭐
161
Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
Security Skills Career Roadmap
⭐
156
Skills and career roadmap for various security roles like appsec, cloud security, devsecops, security engineer, security researchers, pentesting, api security, network security, mobile security and so on, with helpful resources and guidelines
Continuous Threat Modeling
⭐
154
A Continuous Threat Modeling methodology
Pycript
⭐
153
Burp Suite extension for bypassing client-side encryption using custom logic for pentesting and bug bounty
Pygoat
⭐
141
Intentionally vulnerable web application security in Django
Evabs
⭐
141
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
Mi X
⭐
138
Determine whether your compute is truly vulnerable to a specific vulnerability by accounting for all factors which affect *actual* exploitability (runtime execution, configuration, permissions, existence of a mitigation, OS, etc.)
Faction
⭐
133
Pen Test Report Generation and Assessment Collaboration
0l4bs
⭐
131
Cross-site scripting labs for web application security enthusiasts
Dependency Check Plugin
⭐
124
Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).
Kurukshetra
⭐
124
Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.
Vulnplanet
⭐
123
Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)
Infosec Interview Questions
⭐
111
🗒️ A [work-in-progress] collection for interview questions for Information Security roles
Owasp Summit 2017
⭐
110
Content for OWASP Summit 2017 site
Bag Of Holding
⭐
107
An application to assist in the organization and prioritization of software security activities.
List Of Web Application Security
⭐
107
List of web application security
Libsast
⭐
106
Generic SAST Library
Xvna
⭐
93
Extreme Vulnerable Node Application
S8cn8tes
⭐
91
Cyber Security Notes, Methodology, Resources and Tips
Jwt Fuzzer
⭐
90
JWT fuzzer
App Sec Wiki
⭐
88
Files for appsecwiki.com
Appsec Resources
⭐
87
Resources for developers and security engineers to learn the ropes of application security
Guardian Rs
⭐
83
x86-64 code/pe virtualizer
Sdk Golang
⭐
80
Ziti SDK for Golang
Dvfaas Damn Vulnerable Functions As A Service
⭐
78
Intentionally Vulnerable Serverless Functions to understand the specifics of Serverless Security Vulnerabilities
Vucsa
⭐
78
Vulnerable Client-Server Application (VuCSA) is made for learning how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface) and contains multiple challenges including SQL injection, RCE, XML vulnerabilities and more.
Purify
⭐
76
All-in-one tool for managing vulnerability reports from AppSec pipelines
Jawfish
⭐
72
Tool for breaking into web applications.
Essential Nodejs Security Book
⭐
69
Documentation for Essential Node.js Security
Cryptonice
⭐
67
CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration and supporting protocols such as HTTP2 and DNS.
Resources For Application Security
⭐
67
Some good resources for getting started with application security
Related Searches
Security Vulnerabilities (12,295)
Laravel Security (11,580)
Php Security (10,611)
Python Security (3,386)
Javascript Security (3,004)
Java Security (2,474)
Html Security (2,284)
Security Spring (1,421)
Golang Security (1,316)
Shell Security (1,213)
1-98 of 98 search results
Copyright 2018-2024 Awesome Open Source. All rights reserved.