Xvwa: XVWA is intentionally designed with many security flaws and enough technical ground to upskill application security knowledge. The whole idea is to evangelize web application security issues. Do let us know your suggestions for improvement or any more vulnerabilities you would like to see in future XVWA releases.
Stars: ✭ 1,540 (+1015.94%)
Securityrat: OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development
Stars: ✭ 115 (-16.67%)
Bulwark: An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Stars: ✭ 113 (-18.12%)
Mssqli Duet: SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing
Stars: ✭ 82 (-40.58%)
Content: Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats
Stars: ✭ 1,219 (+783.33%)
Vyapi: VyAPI - A cloud based vulnerable hybrid Android App
Stars: ✭ 75 (-45.65%)
Androl4b: A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
Stars: ✭ 908 (+557.97%)
Ossa: Open-Source Security Architecture
Stars: ✭ 796 (+476.81%)
Janusec: Janusec Application Gateway, provides fast and secure application delivery.
Stars: ✭ 771 (+458.7%)
Jackhammer: Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Stars: ✭ 633 (+358.7%)
Awesome Appsec: A curated list of resources for learning about application security
Stars: ✭ 4,761 (+3350%)
Juice Shop: OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+4443.48%)
Airship: Secure Content Management for the Modern Web - "The sky is only the beginning"
Stars: ✭ 422 (+205.8%)
Awesome Nginx Security: 🔥 A curated list of awesome links on application security in environments with NGINX or Kubernetes Ingress Controller (based on NGINX)
Stars: ✭ 417 (+202.17%)
Grab N Run: Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.
Stars: ✭ 413 (+199.28%)
Autorize: Automatic authorization enforcement detection extension for Burp Suite, written in Jython and developed by Barak Tawily to ease the work of application security people and allow them to perform automatic authorization tests
Stars: ✭ 406 (+194.2%)
Taipan: Web application vulnerability scanner
Stars: ✭ 359 (+160.14%)
Watchdog: Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Stars: ✭ 345 (+150%)
Cheatsheetseries: The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Stars: ✭ 19,302 (+13886.96%)
Whatweb: Next generation web scanner
Stars: ✭ 3,503 (+2438.41%)
Application Security Engineer Interview Questions: Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list, but I felt these questions were important to be asked and some were challenging to answer
Stars: ✭ 267 (+93.48%)
JWTweak: Detects the algorithm of the input JWT token and provides options to generate a new JWT token based on the user-selected algorithm.
Stars: ✭ 85 (-38.41%)
auth analyzer: Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.
Stars: ✭ 77 (-44.2%)
juice-shop-ctf: Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox
Stars: ✭ 287 (+107.97%)
sqlinjection-training-app: A simple PHP application to learn SQL Injection detection and exploitation techniques.
Stars: ✭ 56 (-59.42%)
Damn-Vulnerable-Bank: Damn Vulnerable Bank is designed to be an intentionally vulnerable Android application. This provides an interface to assess your Android application security hacking skills.
Stars: ✭ 379 (+174.64%)
sandboxed-fs: Sandboxed Wrapper for Node.js File System API
Stars: ✭ 41 (-70.29%)
Bucket-Flaws: Bucket Flaws (S3 Bucket Mass Scanner): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
Stars: ✭ 43 (-68.84%)
nerdbug: Full Nuclei automation script with logic explanation.
Stars: ✭ 153 (+10.87%)
oss2020: The Open Security Summit 2020 is focused on the collaboration between Developers and Application Security
Stars: ✭ 26 (-81.16%)
ssc-restapi-client: Communicate with Fortify Software Security Center through REST API in Java, a swagger generated client
Stars: ✭ 13 (-90.58%)
jawfish: Tool for breaking into web applications.
Stars: ✭ 84 (-39.13%)
vimana-framework: Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.
Stars: ✭ 47 (-65.94%)
juice-shop: OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 7,533 (+5358.7%)
kdt: CLI to interact with Kondukto
Stars: ✭ 18 (-86.96%)
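Zxhookdetection: [iOS application security, attack and defense] Basic protection against and detection of hooking and jailbreaking (dynamic library injection detection, hook detection and protection, jailbreak detection, signature verification, demo of analyzing an encryption protocol through IDA decompilation); [Data transmission security] A brief discussion of HTTP, HTTPS and data encryption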
Stars: ✭ 241 (+74.64%)
Juice Shop Ctf: Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
Stars: ✭ 238 (+72.46%)
Spamscope: Fast Advanced Spam Analysis Tool
Stars: ✭ 223 (+61.59%)
Wstg: The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+2706.52%)
Awesome Devsecops: Curating the best DevSecOps resources and tooling.
Stars: ✭ 188 (+36.23%)
Threatplaybook: A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
Stars: ✭ 173 (+25.36%)
Evabs: An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
Stars: ✭ 173 (+25.36%)
Web Methodology: Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
Stars: ✭ 142 (+2.9%)