77 Open source projects that are alternatives of or similar to threatmodel-sdk

A simple Java command-line utility to mirror the entire contents of VulnDB.

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

Integrates OWASP Zed Attack Proxy reports into SonarQube

Vendor-Neutral Security Tool Automation Controller (over REST)

Oversecured Vulnerable iOS App

Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

All-in-one tool for managing vulnerability reports from AppSec pipelines

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

Git All the Payloads! A collection of web attack payloads.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

Sample scan files for testing DefectDojo imports

A Bind9 server for pentesters to use for Out-of-Band vulnerabilities

A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.

An application to assist in the organization and prioritization of software security activities.

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Reapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.

Presentations, training modules, and other education materials from Duo Security's Application Security team.

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Repository of events for the Software Crafters Sydney community

The OWASP ZAP Heads Up Display (HUD)

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

Oversecured Vulnerable Android App

OWASP Code Review Guide Web Repository

A simple Java command-line utility to mirror the CVE JSON data from NIST.

Some good resources for getting started with application security

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

Documentation for Essential Node.js Security

HTML5 WebSocket message fuzzer

This repository contains links to awesome security articles.

OWASP Zed Attack Proxy project landing page.

Integrates Dependency-Check reports into SonarQube

The OWASP ZAP core project

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

Full Nuclei automation script with logic explanation.

Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

A vulnerable version of Rails that follows the OWASP Top 10

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.

Web path scanner

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

OWASP ZAP Add-ons

🎯 RFI/LFI Payload List

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

Templates for the Microsoft Threat Modeling Tool

w3af: web application attack and audit framework, the open source web vulnerability scanner.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

Additional Resources For Securing The Stack Tutorials

Next generation web scanner

YAWAST ...where a pentest starts. Security Toolkit for Web-based Applications

The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

Application-embedded connectivity and zero-trust components

Embedded AppSec Best Practices