189 Open source projects that are alternatives of or similar to Secure-Coding-Handbook

Additional Resources For Securing The Stack Tutorials

OWASP Code Review Guide Web Repository

A collection of electronic hacker magazines carefully curated over the years from multiple sources

OWASP Honeypot, Automated Deception Framework.

The DevSecOps toolset for REST APIs

Run Capture the Flags and Security Trainings with OWASP Juice Shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Automated Security Testing For REST API's

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

OSINT Bookmarks for Firefox / Chrome / Edge / Safari

CSRF Protector library: standalone library for CSRF mitigation

apache 2.x.x module, for CSRF mitigation

Audit tool to find common vulnerabilities in PHP source code

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

In-depth Attack Surface Mapping and Asset Discovery

Dependency Combobulator

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Hourly updated database of exploit and exploitation reports

completely ridiculous API (crAPI)

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.

Awesome Node.js Security resources

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

The OWASP ZAP Heads Up Display (HUD)

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions

The OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)

Blue Team detection lab created with Terraform and Ansible in Azure.

A simple tool for interacting with OWASP ZAP from the commandline.

Anti keylogger, anti screen logger... Strategy to protect with hookings or improve your sandbox with spyware detection... - Demo

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Monitoring GitHub for sensitive data shared publicly

OWASP Cloud Security - Enabling conversations through threat and control stories

Integrates OWASP Zed Attack Proxy reports into SonarQube

A .NET Core middleware for injecting the Owasp recommended HTTP Headers for increased security

The repo contains all the slide deck that was used during my presentation at various webinars, conferences, and meetups.

Sqreen's Application Security Management for the Go language

You didn't think I'd go and leave the blue team out, right?

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

An application to catch, search and analyze HTTP secure headers.

A collection of hacking / penetration testing resources to make you better!

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

GitBook markdown content for the eBook "Pwning OWASP Juice Shop"

Unofficial third-party scripts, playbooks, and content for IBM QRadar & QRadar Community Edition.

Hacking tools

OWASP Zed Attack Proxy project landing page.

A simple web app that helps developers understand the ASVS requirements.

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

The OWASP ZAP core project

The Secure Coding Dojo is a platform for delivering secure coding training.

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Utility for hunting UAC bypasses or COM/DLL hijacks that alerts on the exported function that was consumed.

Machine Learning WAF Based

These are some of the commands which I use frequently during Malware Analysis and DFIR.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.