Juice ShopOWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+9696.88%)
SecurityratOWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development
Stars: ✭ 115 (+79.69%)
vapivAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
Stars: ✭ 674 (+953.13%)
Www CommunityOWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
Stars: ✭ 409 (+539.06%)
Zap HudThe OWASP ZAP Heads Up Display (HUD)
Stars: ✭ 201 (+214.06%)
zap-sonar-pluginIntegrates OWASP Zed Attack Proxy reports into SonarQube
Stars: ✭ 66 (+3.13%)
www-project-zapOWASP Zed Attack Proxy project landing page.
Stars: ✭ 52 (-18.75%)
dependency-check-pluginJenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).
Stars: ✭ 107 (+67.19%)
WhatwebNext generation web scanner
Stars: ✭ 3,503 (+5373.44%)
Dependency TrackDependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Stars: ✭ 718 (+1021.88%)
tutorialsAdditional Resources For Securing The Stack Tutorials
Stars: ✭ 36 (-43.75%)
juice-shopOWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 7,533 (+11670.31%)
Sbt Dependency CheckSBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (+192.19%)
CheatsheetseriesThe OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Stars: ✭ 19,302 (+30059.38%)
Owasp VwadThe OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
Stars: ✭ 487 (+660.94%)
ZaproxyThe OWASP ZAP core project
Stars: ✭ 9,078 (+14084.38%)
SSI Extra MaterialsIn my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them
Stars: ✭ 42 (-34.37%)
Juice Shop CtfCapture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
Stars: ✭ 238 (+271.88%)
InsiderStatic Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Stars: ✭ 216 (+237.5%)
WstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+5951.56%)
cwe-toolA command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.
Stars: ✭ 40 (-37.5%)
wafbypasserNo description or website provided.
Stars: ✭ 73 (+14.06%)
solutions-bwappIn progress rough solutions to bWAPP / bee-box
Stars: ✭ 158 (+146.88%)
FdsploitFile Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (+210.94%)
coraza-caddyOWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
Stars: ✭ 75 (+17.19%)
SecurecodingdojoThe Secure Coding Dojo is a platform for delivering secure coding training.
Stars: ✭ 216 (+237.5%)
ApicheckThe DevSecOps toolset for REST APIs
Stars: ✭ 184 (+187.5%)
Securetea ProjectThe OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)
Stars: ✭ 181 (+182.81%)
Csrf Protector PhpCSRF Protector library: standalone library for CSRF mitigation
Stars: ✭ 178 (+178.13%)
crAPIcompletely ridiculous API (crAPI)
Stars: ✭ 549 (+757.81%)
Python HoneypotOWASP Honeypot, Automated Deception Framework.
Stars: ✭ 160 (+150%)
Zap CliA simple tool for interacting with OWASP ZAP from the commandline.
Stars: ✭ 166 (+159.38%)
sample-scan-filesSample scan files for testing DefectDojo imports
Stars: ✭ 60 (-6.25%)
appsec-educationPresentations, training modules, and other education materials from Duo Security's Application Security team.
Stars: ✭ 59 (-7.81%)
Bluemondaybluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
Stars: ✭ 2,135 (+3235.94%)
ptpPentester's Tools Parser (PTP) provides an unified way to retrieve the information from all (final goal) automated pentesting tools and assign an automated ranking for each finding.
Stars: ✭ 28 (-56.25%)
awesome-policy-as-codeA curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.
Stars: ✭ 121 (+89.06%)
multi-juicerRun Capture the Flags and Security Trainings with OWASP Juice Shop
Stars: ✭ 179 (+179.69%)
PhpvulnAudit tool to find common vulnerabilities in PHP source code
Stars: ✭ 146 (+128.13%)
Owasp Cloud SecurityOWASP Cloud Security - Enabling conversations through threat and control stories
Stars: ✭ 148 (+131.25%)
cryptoniceCryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…
Stars: ✭ 91 (+42.19%)
AstraAutomated Security Testing For REST API's
Stars: ✭ 1,898 (+2865.63%)
Owaspheaders.coreA .NET Core middleware for injecting the Owasp recommended HTTP Headers for increased security
Stars: ✭ 138 (+115.63%)
AmassIn-depth Attack Surface Mapping and Asset Discovery
Stars: ✭ 1,693 (+2545.31%)
Go AgentSqreen's Application Security Management for the Go language
Stars: ✭ 134 (+109.38%)
cyclonedx-dotnetCreates CycloneDX Software Bill of Materials (SBOM) from .NET Projects
Stars: ✭ 110 (+71.88%)
Owasp OrizonOwasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.
Stars: ✭ 130 (+103.13%)
Django DefectdojoDefectDojo is an open-source application vulnerability correlation and security orchestration tool.
Stars: ✭ 1,926 (+2909.38%)
AthenaTest your Security Skills, and Clean Code Development as a Pythonist, Hacker & Warrior 🥷🏻
Stars: ✭ 43 (-32.81%)
waf-brainMachine Learning WAF Based
Stars: ✭ 74 (+15.63%)
SlidesThe repo contains all the slide deck that was used during my presentation at various webinars, conferences, and meetups.
Stars: ✭ 56 (-12.5%)
Find Sec BugsThe SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
Stars: ✭ 1,748 (+2631.25%)