832 Open source projects that are alternatives of or similar to Resources-for-Application-Security

Additional Resources For Securing The Stack Tutorials

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Next generation web scanner

🎯 RFI/LFI Payload List

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

Misc. Public Reports of Penetration Testing and Security Audits.

A Tool for Domain Flyovers

A community contributed consolidated list of InfoSec meetups in the Asia Pacific region.

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

🎯 XML External Entity (XXE) Injection Payload List

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Web path scanner

A Bind9 server for pentesters to use for Out-of-Band vulnerabilities

Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.

Tool to bypass 40X response codes.

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

Snoop — инструмент разведки на основе открытых данных (OSINT world)

Documentation for Essential Node.js Security

The essential toolkit for reversing, malware analysis, and cracking

Integrates OWASP Zed Attack Proxy reports into SonarQube

Writeups of CTF challenges

渗透测试☞经验/思路/总结/想法/笔记

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Writeups for infosec Capture the Flag events by team Galaxians

🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 3000+ other hashes ☄ Comes with a neat web app 🔥

Get GTFOBins info about a given exploit from the command line

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

All-in-one tool for managing vulnerability reports from AppSec pipelines

Decode All Bases - Base Scheme Decoder

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

A curated list of resources for learning about application security

Integrates Dependency-Check reports into SonarQube

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

OWASP ZAP Add-ons

Learning Penetration Testing of Android Applications

Awesome Node.js Security resources

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

The OWASP ZAP core project

The OWASP ZAP Heads Up Display (HUD)

OWASP Honeypot, Automated Deception Framework.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

A cli for cracking, testing vulnerabilities on Json Web Token(JWT)

A collection of hacking / penetration testing resources to make you better!

Security challenges and CTFs created by the Penultimate team.

🔑 Hash type identifier (CLI & lib)

Application Security Awareness Training

OWASP Code Review Guide Web Repository

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)