1130 Open source projects that are alternatives of or similar to Application Security Engineer Interview Questions

Some good resources for getting started with application security

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

🎯 RFI/LFI Payload List

All-in-one tool for managing vulnerability reports from AppSec pipelines

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

XSS in pastebin.com and reddit.com via unsanitized markdown output

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

🔪Browser logic vulnerabilities ☠️

Audit tool to find common vulnerabilities in PHP source code

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Web path scanner

ES File Explorer Open Port Vulnerability - CVE-2019-6447

Vulnerability Dashboard

Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.

Janusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关，提供快速、安全的应用交付。

🎯 XML External Entity (XXE) Injection Payload List

A vulnerable iOS App with Security Challenges for the Security Researcher inside you.

Agile Threat Modeling Toolkit

A few SQL and XSS attack tools

In progress rough solutions to bWAPP / bee-box

a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.

Go Web Application Penetration Test

Git All the Payloads! A collection of web attack payloads.

🎯 Command Injection Payload List

Source code for Hacker101.com - a free online web and mobile security class.

XVWA is intentionally designed with many security flaws and enough technical ground to upskill application security knowledge. This whole idea is to evangelize web application security issues. Do let us know your suggestions for improvement or any more vulnerability you would like to see in XVWA future releases.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

A big list of Android Hackerone disclosed reports and other resources.

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Full Nuclei automation script with logic explanation.

A Deliberately Insecure Web Application

A Bind9 server for pentesters to use for Out-of-Band vulnerabilities

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555

A schema and set of tools for using SQL to query cloud infrastructure.

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Additional Resources For Securing The Stack Tutorials

CLI to interact with Kondukto

A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.

Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.

Extraction of iMessage Data via XSS

XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/

Powerful dork searcher and vulnerability scanner for windows platform

渗透测试☞经验/思路/总结/想法/笔记

A simple PHP application to learn SQL Injection detection and exploitation techniques.

Misc. Public Reports of Penetration Testing and Security Audits.

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

🔐 Docker Container for Penetration Testing & Security

A Tool for Domain Flyovers

Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.