Vbscan: OWASP VBScan is a Black Box vBulletin Vulnerability Scanner
Cheatsheetseries: The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Cdk Constructs: A collection of higher-level aws cdk constructs: slack-approval-workflow, #slack & msteams notifications, chatops, blue-green-container-deployment, codecommit-backup, OWASP dependency-check, contentful-webhook, github-webhook, stripe-webhook, static-website, pull-request-check, pull-request-approval-rule, codepipeline-merge-action, codepipeline-check-parameter-action...
Securecodebox: secureCodeBox (SCB) - continuous secure delivery out of the box
Iotgoat: IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.
Dvws: OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.
cyclonedx-gomod: Creates CycloneDX Software Bill of Materials (SBOM) from Go modules
specification: Software Bill of Material (SBOM) standard designed for use in application security contexts and supply chain component analysis
juice-shop-ctf: Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox
dependency-track-maven-plugin: Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.
poc-jwt: POC about usage of JSON Web Tokens (JWT) in a secure way.
cyclonedx-python: Creates CycloneDX Software Bill of Materials (SBOM) from Python projects and environments.
ftw: Framework for Testing WAFs (FTW!)
vapi: vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
cwe-sdk-javascript: A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC
OWASP-Calculator: 🧮 An online calculator to assess the risk of web vulnerabilities based on OWASP Risk Assessment
dependency-check-plugin: Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).
aks-baseline-regulated: This is the Azure Kubernetes Service (AKS) baseline cluster for regulated workloads reference implementation as produced by the Microsoft Azure Architecture Center.
bWAPP: bWAPP latest modified for PHP7
www-project-csrfguard: The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens
www-project-web-security-testing-guide: The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.
ptp: Pentester's Tools Parser (PTP) provides a unified way to retrieve the information from all (final goal) automated pentesting tools and assign an automated ranking for each finding.
Athena: Test your Security Skills, and Clean Code Development as a Pythonist, Hacker & Warrior 🥷🏻
coraza-caddy: OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
raider: OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions
juice-shop: OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
tutorials: Additional Resources For Securing The Stack Tutorials
crAPI: completely ridiculous API (crAPI)
multi-juicer: Run Capture the Flags and Security Trainings with OWASP Juice Shop
cyclonedx-dotnet: Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects
Slides: The repo contains all the slide decks that were used during my presentations at various webinars, conferences, and meetups.
cyclonedx-cli: CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.