zaproxy / Zap Hud
Licence: apache-2.0
The OWASP ZAP Heads Up Display (HUD)
Stars: ✭ 201
Programming Languages
java
68154 projects - #9 most used programming language
Projects that are alternatives of or similar to Zap Hud
Zaproxy
The OWASP ZAP core project
Stars: ✭ 9,078 (+4416.42%)
Mutual labels: hacktoberfest, owasp, appsec
Juice Shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+3019.4%)
Mutual labels: hacktoberfest, owasp, appsec
Cheatsheetseries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Stars: ✭ 19,302 (+9502.99%)
Mutual labels: owasp, appsec
appsec awareness training
Application Security Awareness Training
Stars: ✭ 17 (-91.54%)
Mutual labels: owasp, appsec
Securecodebox
secureCodeBox (SCB) - continuous secure delivery out of the box
Stars: ✭ 279 (+38.81%)
Mutual labels: hacktoberfest, owasp
nodejssecurity
Documentation for Essential Node.js Security
Stars: ✭ 64 (-68.16%)
Mutual labels: owasp, appsec
Dependency Check Sonar Plugin
Integrates Dependency-Check reports into SonarQube
Stars: ✭ 332 (+65.17%)
Mutual labels: owasp, appsec
Www Community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
Stars: ✭ 409 (+103.48%)
Mutual labels: owasp, appsec
Dependency Track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Stars: ✭ 718 (+257.21%)
Mutual labels: owasp, appsec
Securityrat
OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development
Stars: ✭ 115 (-42.79%)
Mutual labels: owasp, appsec
vapi
vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
Stars: ✭ 674 (+235.32%)
Mutual labels: owasp, appsec
dependency-check-plugin
Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).
Stars: ✭ 107 (-46.77%)
Mutual labels: owasp, appsec
www-project-vulnerable-web-applications-directory
The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site
Stars: ✭ 10 (-95.02%)
Mutual labels: owasp, appsec
Django Defectdojo
DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
Stars: ✭ 1,926 (+858.21%)
Mutual labels: hacktoberfest, owasp
www-project-zap
OWASP Zed Attack Proxy project landing page.
Stars: ✭ 52 (-74.13%)
Mutual labels: owasp, appsec
Resources-for-Application-Security
Some good resources for getting started with application security
Stars: ✭ 97 (-51.74%)
Mutual labels: owasp, appsec
Owasp Vwad
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
Stars: ✭ 487 (+142.29%)
Mutual labels: owasp, appsec
Find Sec Bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
Stars: ✭ 1,748 (+769.65%)
Mutual labels: hacktoberfest, owasp
OWASP ZAP Heads Up Display
The HUD is an interface that provides the functionality of ZAP directly in the browser.
Learn more:
- Blog: Hacking with a Heads Up Display
- Video: The OWASP ZAP HUD - Usable Security Tooling
- Wiki: Inside the HUD
Using the HUD
Downloading
You can try out ZAP enabled with the HUD via any of:
- Download and run the latest ZAP Release
or
- Run it from this repo using:
git clone https://github.com/zaproxy/zap-hud.git cd zap-hud ./gradlew runZap
In all cases you will need Java 8+ installed.
You'll see the HUD Radar icon 
in the toolbar. When the icon is selected the HUD will be added to your browser.
Starting the HUD
- Quick Start: Select either
FirefoxorChromeon theQuick Starttab and click on theLaunch Browserbutton.
- Manually: You can also configure Firefox or Chrome to proxy via ZAP manually, but you will need to import the ZAP Root CA Certificate (and may require other setting changes in up-to-date browsers).
The first time the HUD is launched you'll be prompted with the HUD Tutorial. We recommend that you follow the tutorial even if you have read the above blog post and watched the video.
Getting Involved
ZAP is a community project and so we are always very keen to hear from anyone who'd like to contribute, just post to the ZAP HUD Group
We'd also love to hear some feedback, which you can also give via that group.
Limitations
This is still early days and there are some known issues and limitations with the current release. Development on the HUD is active and we recommend you check in often for new features and improvements. :)
You should NOT use it on sites you do not trust! However it is in scope for the ZAP bug bounty on BugCrowd
Limitations while running:
- Only a limited amount of ZAP functionality is available
- Firefox has been tested more than Chrome, but both should work
- The code to support the HUD in multiple browser tabs is very new so might be buggy
- In particular don't close the first tab on Firefox or the HUD will stop working (weird, we know. See #199 for details)
- Using the HUD with browser dev tools open can significantly affect performance
- Behaviour using the browser back button is currently undefined
Issues and todos in code:
- We're using Vue.js in dev mode, which prevents us from using a suitably strong CSP
- JavaScript code still needs to be formatted and linted
- Documentation could, of course, be better
- Async functions are handled as via Promises as opposed to using 'await' pattern
These lists aren't exhaustive, but do highlight some of the larger restrictions.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].