XVWA is intentionally designed with many security flaws and enough technical ground to upskill application security knowledge. This whole idea is to evangelize web application security issues. Do let us know your suggestions for improvement or any more vulnerability you would like to see in XVWA future releases.

✭ 1,540

PHP HTML hack CSS mysql vulnerability knowledge application-security xvwa learning-appsec

Securityrat

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

✭ 115

javascript security automation owasp appsec application-security

Bulwark

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

✭ 113

typescript nodejs angular express security-tools pentesting bugbounty red-team appsec application-security vulnerability-assessment vulnerability-management

Mssqli Duet

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

✭ 82

python windows penetration-testing active-directory mssql sql-injection application-security burp-extensions burp-plugin

Content

Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats

✭ 1,219

python security ansible security-tools cybersecurity security-automation security-hardening compliance hardening information-security application-security pci-dss

Vyapi

VyAPI - A cloud based vulnerable hybrid Android App

✭ 75

java application-security mobile-security aws-cognito

Androl4b

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

✭ 908

android reverse-engineering penetration-testing application-security mobile-security

Ossa

Open-Source Security Architecture | 开源安全架构

✭ 796

security security-tools security-audit vulnerabilities vulnerability-scanners security-scanner security-vulnerability application-security ids

Janusec

Janusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关，提供快速、安全的应用交付。

✭ 771

go golang security gateway xss reverse-proxy waf sql-injection application-security

Breaking And Pwning Apps And Servers Aws Azure Training

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

✭ 749

css pentesting opensource free penetration-testing application-security

Awesome Php Security

Awesome PHP Security Resources 🕶🐘🔐

✭ 666

security awesome awesome-list security-tools devsecops application-security

Command Injection Payload List

🎯 Command Injection Payload List

✭ 658

linux security macos windows unix bugbounty application vulnerability os injection payload command security-vulnerability application-security security-testing

Jackhammer

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

✭ 633

java security penetration-testing static-code-analysis vulnerability-scanners security-scanner dynamic-analysis network-security application-security vulnerability-assessment mobile-security vulnerability-management penetration-testing-framework

Awesome Appsec

A curated list of resources for learning about application security

✭ 4,761

PHP security owasp application-security reading-list curated security-experts

Juice Shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

✭ 6,270

javascript typescript HTML SCSS Pug Handlebars hacktoberfest hacking pentesting ctf owasp appsec application-security security vulnerable owasp-top-10 owasp-top-ten 24pullrequests vulnapp

Airship

Secure Content Management for the Modern Web - "The sky is only the beginning"

✭ 422

security postgresql cms free-software content-management secure application-security libsodium secure-by-default

Awesome Nginx Security

🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)

✭ 417

security kubernetes awesome-list nginx webserver awesome-lists waf load-balancer application-security apigateway

Grab N Run

Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

✭ 413

java android-application android-development dynamic application-security

Autorize

Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

✭ 406

python authorization burpsuite application-security burp-plugin

Taipan

Web application vulnerability scanner

✭ 359

security web hacking security-tools hacking-tool security-audit web-application security-scanner security-automation web-security application-security security-testing

Watchdog

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

✭ 345

python security security-tools bugbounty pentest-tool security-vulnerability network-security application-security vulnerability-assessment security-testing vulnerability-management penetration-testing-framework

Cheatsheetseries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

✭ 19,302

python shell HTML java Makefile security best-practices code owasp appsec application-security cheatsheets

Whatweb

Next generation web scanner

Application Security Engineer Interview Questions

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

✭ 267

infosec interview-questions vulnerability xss devsecops appsec application-security websecurity

JWTweak

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

✭ 85

python automation jwt authentication authorization jwt-tokens application-security pentesting bugbounty appsec vulnerability-assessment jwt-algorithm security-enthusiasts

auth analyzer

Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.

✭ 77

java HTML auth authorization application-security burp-plugin burpsuite burp-extensions pentest-tool portswigger

juice-shop-ctf

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

gha-setup-scancentral-client

GitHub Action to set up Fortify ScanCentral Client

✭ 15

typescript javascript shell github setup security static-analysis application-security action appsec fortify sast github-action fortify-ssc fortify-on-demand

sqlinjection-training-app

A simple PHP application to learn SQL Injection detection and exploitation techniques.

✭ 56

PHP CSS Dockerfile exploit sql-injection application-security web-security appsec vulnerable-web-app owasp-top-10 owasp-top-ten vulnerable-apps training-app

Damn-Vulnerable-Bank

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

✭ 379