208 Open source projects that are alternatives of or similar to Awesome Appsec

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Next generation web scanner

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

Some good resources for getting started with application security

Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

A curated list & timeline of awesome android apps by indie developers / solopreneurs

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

Integrates Dependency-Check reports into SonarQube

Software Bill of Material (SBOM) standard designed for use in application security contexts and supply chain component analysis

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

🔐 Shim to easily install OWASP dependency-check-cli into Python projects

Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.

Docker repository for OWTF (64-bit Kali)

Owasp Zap chart for Kubernetes

knowledge distillation papers

Maryam: Open-source Intelligence(OSINT) Framework

secureCodeBox (SCB) - continuous secure delivery out of the box

Collection of books/papers that I've read/I'm going to read/I would remember that they exist/It is unlikely that I'll read/I'll never read.

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

Golang中文博客文章阅读列表

A simple PHP application to learn SQL Injection detection and exploitation techniques.

A Chrome/Firefox extension for saving pages to read later.

The best (weekly) newsletters

Creates CycloneDX Software Bill of Materials (SBOM) from Go modules

Application Security Automation

Security review guidelines for mobile projects

List of applications and tools that make my macOS experience even more amazing

Secure Content Management for the Modern Web - "The sky is only the beginning"

GitHub Action to set up Fortify ScanCentral Client

Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation

Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

A text generation reading list maintained by Tsinghua Natural Language Processing Group.

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

A reading list for deep graph learning acceleration.

a collection of books, articles, and tutorials to learn and apply analytics

A collection of higher-level aws cdk constructs: slack-approval-workflow, #slack & msteams notifications, chatops, blue-green-container-deployment, codecommit-backup, OWASP dependency-check, contentful-webhook, github-webhook, stripe-webhook, static-website, pull-request-check, pull-request-approval-rule, codepipeline-merge-action, codepipeline-check-parameter-action...

A reading list on blockchain and related technologies, targeted at technical people who want a deep understanding of those topics.

Reading list for research topics in multimodal machine learning

IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.

POC about usage of JSON Web Tokens (JWT) in a secure way.

Web application vulnerability scanner

A place for documenting threats and mitigations related to containers orchestrators (Kubernetes, Swarm etc)

This repository contains payload to test NoSQL Injections

Creates CycloneDX Software Bill of Materials (SBOM) from Python projects and environments.

🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)

Framework for Testing WAFs (FTW!)

OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.

Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

深度学习经典、新论文逐段精读

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

Application Security Awareness Training