169 Open source projects that are alternatives of or similar to nodejssecurity

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

OWASP Code Review Guide Web Repository

Some good resources for getting started with application security

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

The OWASP ZAP Heads Up Display (HUD)

Integrates OWASP Zed Attack Proxy reports into SonarQube

OWASP Zed Attack Proxy project landing page.

The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

OWASP ZAP Add-ons

Next generation web scanner

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Integrates Dependency-Check reports into SonarQube

Additional Resources For Securing The Stack Tutorials

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Application Security Awareness Training

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

The OWASP ZAP core project

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.

No description or website provided.

In progress rough solutions to bWAPP / bee-box

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities

The Secure Coding Dojo is a platform for delivering secure coding training.

The DevSecOps toolset for REST APIs

The OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)

CSRF Protector library: standalone library for CSRF mitigation

completely ridiculous API (crAPI)

Web Application Secure Coding Handbook resource.

OWASP Honeypot, Automated Deception Framework.

A simple tool for interacting with OWASP ZAP from the commandline.

Sample scan files for testing DefectDojo imports

Presentations, training modules, and other education materials from Duo Security's Application Security team.

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Pentester's Tools Parser (PTP) provides an unified way to retrieve the information from all (final goal) automated pentesting tools and assign an automated ranking for each finding.

A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.

Run Capture the Flags and Security Trainings with OWASP Juice Shop

Audit tool to find common vulnerabilities in PHP source code

OWASP Cloud Security - Enabling conversations through threat and control stories

CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…

Automated Security Testing For REST API's

A .NET Core middleware for injecting the Owasp recommended HTTP Headers for increased security

Oversecured Vulnerable iOS App

In-depth Attack Surface Mapping and Asset Discovery

Sqreen's Application Security Management for the Go language

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

Test your Security Skills, and Clean Code Development as a Pythonist, Hacker & Warrior 🥷🏻

Machine Learning WAF Based

The repo contains all the slide deck that was used during my presentation at various webinars, conferences, and meetups.

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)