809 Open source projects that are alternatives of or similar to Cheatsheetseries

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Some good resources for getting started with application security

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

Next generation web scanner

The OWASP ZAP Heads Up Display (HUD)

Additional Resources For Securing The Stack Tutorials

The OWASP ZAP core project

Integrates Dependency-Check reports into SonarQube

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

OWASP ZAP Add-ons

Vulnerability Patterns Detector for C# and VB.NET

A curated list of resources for learning about application security

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

Application Security Awareness Training

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

A centralised hub for learner around the globe from A-Z. You can find collections of manuals, blogs, hacks, one liners, courses, other free learning-resources and more

OWASP Code Review Guide Web Repository

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

Quick reference material for techies

Integrates OWASP Zed Attack Proxy reports into SonarQube

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Documentation for Essential Node.js Security

GitHub Action to set up Fortify ScanCentral Client

🎯 RFI/LFI Payload List

Full Nuclei automation script with logic explanation.

The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

Software Component Verification Standard (SCVS)

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

OWASP Zed Attack Proxy project landing page.

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

A simple PHP application to learn SQL Injection detection and exploitation techniques.

Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.

Apache HTTP server boilerplate configs

A repository to collect best practices when programming with Swift

🛁 Clean Code-Konzepte adaptiert für JavaScript.

Pluggable TypeScript and JavaScript linter

Scans your AWS cloud resources and generates reports. Check out free hosted version:

📜 Collection of the most awesome Math learning resources in the form of notes, videos and cheatsheets.

🔮 [C#] Source code randomizer and compiler

A highly configurable markdown renderer and Blade component for Laravel

Collaborative Collection of C++ Best Practices. This online resource is part of Jason Turner's collection of C++ Best Practices resources. See README.md for more information.

Extract gfm (GitHub Flavored Markdown) fenced code blocks from a string.

secureCodeBox (SCB) - continuous secure delivery out of the box

vue文件差异对比

cheat allows you to create and view interactive cheatsheets on the command-line. It was designed to help remind *nix system administrators of options for commands that they use frequently, but not frequently enough to remember.

Security review guidelines for mobile projects

Custom Marlin version for the brand new BCN3D Sigma from BCN3D Technologies

Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.

A list of tools, papers and code related to Deepfake Detection.

A sample to represent Uber Riblets design pattern using Swift.

This repository contains payload to test NoSQL Injections

Cheatsheets for experienced Vue developers getting started with TypeScript

Software Bill of Material (SBOM) standard designed for use in application security contexts and supply chain component analysis