199 Open source projects that are alternatives of or similar to ftw

Machine Learning WAF Based

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analys…

Deploy, update, and stage your WAFs while managing them centrally via FMS.

A web-based testing platform for WAF (Web Application Firewall)'s correctness

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities

No description or website provided.

Sqreen's Application Security Management for the Go language

Web Application Secure Coding Handbook resource.

Demo - how to easily build security testing for Web App, using Zap and Glue

apache 2.x.x module, for CSRF mitigation

The official PHP SDK for Shieldfy

Some good resources for getting started with application security

This repository for training application security.

OWASP Zed Attack Proxy project landing page.

A web application that contains several unit tests for the purpose of .NET security

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

AliGuard PHP WAF

⚡️ Docker official image for Wallarm Node. API security platform agent.

Additional Resources For Securing The Stack Tutorials

Because life is too short to waste your time transforming naxsi logs to rules by hand

This is the official main repository for the Assimilation project

Development repository for nginx-more package

Kubernetes Ingress controller with integrated Wallarm services

Documentation for Essential Node.js Security

Run Capture the Flags and Security Trainings with OWASP Juice Shop

The repo contains all the slide deck that was used during my presentation at various webinars, conferences, and meetups.

Web interface for managing Haproxy, Nginx, Apache and Keepalived servers

The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

An application to catch, search and analyze HTTP secure headers.

This is the Azure Kubernetes Service (AKS) baseline cluster for regulated workloads reference implementation as produced by the Microsoft Azure Architecture Center.

Payload encoder for bypass WAF

Software Component Verification Standard (SCVS)

The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions

Ubuntu package for modsecurity-nginx

Integrates OWASP Zed Attack Proxy reports into SonarQube

releases-openstar-Enterprise

WAF for WordPress 🔥 with 60+ security checks and weekly updates

Integrate Airlock WAF in a Kubernetes or OpenShift Environment

bWAPP latest modified for PHP7

Raptor - WAF - Web application firewall using DFA [ Current version ] - Beta

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

completely ridiculous API (crAPI)

🌹 基于OpenResty编写一个MVC模式的WEB项目 V0.01

OWASP Code Review Guide Web Repository

Project dedicated to fight Layer 7 DDoS with proof of work, featuring an additional WAF. Completed with full set of features and containerized for rapid and lightweight deployment.

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

This package is a plugin for Terraform, and is designed to be used to auto-provision sites in Incapsula via Incapsula’s API from the terraform cli/yaml configurations.

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.

ModSecurity Django middleware

🧮 An online calculator to assess the risk of web vulnerabilities based on OWASP Risk Assessment

🖤 网络安全与渗透测试工具导航

An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Pentester's Tools Parser (PTP) provides an unified way to retrieve the information from all (final goal) automated pentesting tools and assign an automated ranking for each finding.

Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

OWASP ZAP addon for finding vulnerabilities in JWT Implementations