lmoroz / bWAPP

Licence: other
bWAPP latest modified for PHP7

Programming Languages: PHP, JavaScript, CSS, Python, HTML, C

Projects that are alternatives of or similar to bWAPP

vapi
vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
Stars: ✭ 674 (+2146.67%)
Mutual labels:  owasp, owasp-top-10
training-application-security
This repository for training application security.
Stars: ✭ 25 (-16.67%)
Mutual labels:  owasp, security-vulnerability
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 7,533 (+25010%)
Mutual labels:  owasp, owasp-top-10
Juice Shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+20800%)
Mutual labels:  owasp, owasp-top-10
Resources-for-Application-Security
Some good resources for getting started with application security
Stars: ✭ 97 (+223.33%)
Mutual labels:  owasp
raider
OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions
Stars: ✭ 88 (+193.33%)
Mutual labels:  owasp
zap-sonar-plugin
Integrates OWASP Zed Attack Proxy reports into SonarQube
Stars: ✭ 66 (+120%)
Mutual labels:  owasp
shieldfy-php-client
The official PHP SDK for Shieldfy
Stars: ✭ 15 (-50%)
Mutual labels:  security-vulnerability
nodejssecurity
Documentation for Essential Node.js Security
Stars: ✭ 64 (+113.33%)
Mutual labels:  owasp
wafbypasser
No description or website provided.
Stars: ✭ 73 (+143.33%)
Mutual labels:  owasp
Secure-Coding-Handbook
Web Application Secure Coding Handbook resource.
Stars: ✭ 328 (+993.33%)
Mutual labels:  owasp
waf-brain
Machine Learning WAF Based
Stars: ✭ 74 (+146.67%)
Mutual labels:  owasp
coraza-caddy
OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
Stars: ✭ 75 (+150%)
Mutual labels:  owasp
mod csrfprotector
apache 2.x.x module, for CSRF mitigation
Stars: ✭ 20 (-33.33%)
Mutual labels:  owasp
www-project-web-security-testing-guide
The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.
Stars: ✭ 260 (+766.67%)
Mutual labels:  owasp
workshop-devsecops
The aim of the workshop is to show and guide development, security and DevOps teams (among others) who want to get started with DevSecOps, secure their applications, or learn a little more about secure development. To that end, we will share some tips and information we picked up while building a DevSecOps pipeline …
Stars: ✭ 14 (-53.33%)
Mutual labels:  owasp-top-10
ptp
Pentester's Tools Parser (PTP) provides a unified way to retrieve the information from all (final goal) automated pentesting tools and assign an automated ranking for each finding.
Stars: ✭ 28 (-6.67%)
Mutual labels:  owasp
Puma6Fail
CVE-2017-5693 Denial of service vulnerability in Puma 6 modems
Stars: ✭ 17 (-43.33%)
Mutual labels:  security-vulnerability
exploits
Some of my public exploits
Stars: ✭ 50 (+66.67%)
Mutual labels:  security-vulnerability
NetworkAlarm
A tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.
Stars: ✭ 17 (-43.33%)
Mutual labels:  security-vulnerability
--------------
bWAPP - README
--------------

bWAPP, or a buggy web application, is a deliberately insecure web application.
bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities.
It prepares one to conduct successful penetration testing and ethical hacking projects.
What makes bWAPP so unique? Well, it has over 100 web bugs!
bWAPP covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project!
It is for security-testing and educational purposes only.

It includes:

*/ Injection vulnerabilities like SQL, SSI, XML/XPath, JSON, LDAP, HTML, iFrame, OS Command and SMTP injection
*/ Cross-Site Scripting (XSS), Cross-Site Tracing (XST) and Cross-Site Request Forgery (CSRF)
*/ Unrestricted file uploads and backdoor files
*/ Authentication, authorization and session management issues
*/ Arbitrary file access and directory traversals
*/ Local and remote file inclusions (LFI/RFI)
*/ Server Side Request Forgery (SSRF)
*/ XML External Entity Attacks (XXE)
*/ Heartbleed vulnerability (OpenSSL)
*/ Shellshock vulnerability (CGI)
*/ Drupal SQL injection (Drupageddon)
*/ Configuration issues: Man-in-the-Middle, cross-domain policy file, information disclosures,...
*/ HTTP parameter pollution and HTTP response splitting
*/ Denial-of-Service (DoS) attacks
*/ HTML5 ClickJacking, Cross-Origin Resource Sharing (CORS) and web storage issues
*/ Unvalidated redirects and forwards
*/ Parameter tampering
*/ PHP-CGI vulnerability
*/ Insecure cryptographic storage
*/ AJAX and Web Services issues (JSON/XML/SOAP)
*/ Cookie and password reset poisoning
*/ Insecure FTP, SNMP and WebDAV configurations
*/ and much more...

bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux and Windows using Apache/IIS and MySQL. It can be installed with WAMP or XAMPP.

It's also possible to download our bee-box, a custom VM pre-installed with bWAPP.

This project is part of the ITSEC GAMES project. ITSEC GAMES are a fun approach to IT security education. 
IT security, ethical hacking, training and fun... all mixed together.
You can find more about the ITSEC GAMES and bWAPP projects on our blog.

We offer a 2-day comprehensive web security course 'Attacking & Defending Web Apps with bWAPP'.
This course can be scheduled on demand, at your location!
More info: http://goo.gl/ASuPa1 (pdf)

Enjoy!

Cheers

Malik Mesellem
Twitter: @MME_IT