343 Open source projects that are alternatives of or similar to cwe-tool

OWASP WEB Directory Scanner

bWAPP latest modified for PHP7

IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.

Documentation for Essential Node.js Security

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Creates CycloneDX Software Bill of Materials (SBOM) from Go modules

OWASP Seraphimdroid is an open source project with aim to create, as a community, an open platform for education and protection of Android users against privacy and security threats.

Software Bill of Material (SBOM) standard designed for use in application security contexts and supply chain component analysis

Automated Security Testing For REST API's

🔐 Shim to easily install OWASP dependency-check-cli into Python projects

Detect root, emulation, debug mode and other security concerns in your Xamarin apps

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

A collection of hacking / penetration testing resources to make you better!

Vulnerability Patterns Detector for C# and VB.NET

The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

Desktop variant of OWASP Threat Dragon

A place for documenting threats and mitigations related to containers orchestrators (Kubernetes, Swarm etc)

In-depth Attack Surface Mapping and Asset Discovery

Creates CycloneDX Software Bill of Materials (SBOM) from Python projects and environments.

Automated Penetration Testing Framework

Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects

The DevSecOps toolset for REST APIs

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Software Component Verification Standard (SCVS)

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

OWASP Threat Dragon core files

Extraction of iMessage Data via XSS

Pentester's Tools Parser (PTP) provides an unified way to retrieve the information from all (final goal) automated pentesting tools and assign an automated ranking for each finding.

The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

OWASP Joomla Vulnerability Scanner Project

Deploy, update, and stage your WAFs while managing them centrally via FMS.

OWASP ZSC - Shellcode/Obfuscate Code Generator

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities

This is the official main repository for the Assimilation project

In-depth Attack Surface Mapping and Asset Discovery

The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens

CSRF Protector library: standalone library for CSRF mitigation

No description or website provided.

OWASP Web Application Security Testing Checklist

Test your Security Skills, and Clean Code Development as a Pythonist, Hacker & Warrior 🥷🏻

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

Some good resources for getting started with application security

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

Web Application Secure Coding Handbook resource.

OWASP Zed Attack Proxy project landing page.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

A simple tool for interacting with OWASP ZAP from the commandline.

GitBook markdown content for the eBook "Pwning OWASP Juice Shop"

OWASP ZAP Add-ons

Machine Learning WAF Based

OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions

A curated list of resources for learning about application security

apache 2.x.x module, for CSRF mitigation

Integrates OWASP Zed Attack Proxy reports into SonarQube

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Additional Resources For Securing The Stack Tutorials

Damn Vulnerable NodeJS Application