121 Open source projects that are alternatives of or similar to Threat Dragon Desktop

Owasp Zap chart for Kubernetes

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

This repository for training application security.

Application Security Automation

Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation

Vulnerability Patterns Detector for C# and VB.NET

A web application that contains several unit tests for the purpose of .NET security

secureCodeBox (SCB) - continuous secure delivery out of the box

Security review guidelines for mobile projects

bWAPP latest modified for PHP7

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.

OWASP WEB Directory Scanner

POC about usage of JSON Web Tokens (JWT) in a secure way.

Maryam: Open-source Intelligence(OSINT) Framework

Framework for Testing WAFs (FTW!)

Ready to use images of Zap and Glue, especially for CI integration.

OWASP ZAP addon for finding vulnerabilities in JWT Implementations

Next generation web scanner

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

OWASP ZSC - Shellcode/Obfuscate Code Generator

Demo - how to easily build security testing for Web App, using Zap and Glue

This repository contains payload to test NoSQL Injections

Creates CycloneDX Software Bill of Materials (SBOM) from Go modules

This is the official main repository for the Assimilation project

A curated list of resources for learning about application security

Software Bill of Material (SBOM) standard designed for use in application security contexts and supply chain component analysis

OWASP Joomla Vulnerability Scanner Project

🔐 Shim to easily install OWASP dependency-check-cli into Python projects

Damn Vulnerable NodeJS Application

Docker repository for OWTF (64-bit Kali)

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

A place for documenting threats and mitigations related to containers orchestrators (Kubernetes, Swarm etc)

In-depth Attack Surface Mapping and Asset Discovery

Creates CycloneDX Software Bill of Materials (SBOM) from Python projects and environments.

Integrates Dependency-Check reports into SonarQube

Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects

Automated Penetration Testing Framework

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Software Component Verification Standard (SCVS)

OWASP Web Application Security Testing Checklist

🧮 An online calculator to assess the risk of web vulnerabilities based on OWASP Risk Assessment

A collection of higher-level aws cdk constructs: slack-approval-workflow, #slack & msteams notifications, chatops, blue-green-container-deployment, codecommit-backup, OWASP dependency-check, contentful-webhook, github-webhook, stripe-webhook, static-website, pull-request-check, pull-request-approval-rule, codepipeline-merge-action, codepipeline-check-parameter-action...

This is the Azure Kubernetes Service (AKS) baseline cluster for regulated workloads reference implementation as produced by the Microsoft Azure Architecture Center.

OWASP Threat Dragon core files

The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.

Deploy, update, and stage your WAFs while managing them centrally via FMS.

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.

nodejs + express security and performance boilerplate.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

OWASP ZAP Add-ons

Application Security Awareness Training