vulndb-data-mirrorA simple Java command-line utility to mirror the entire contents of VulnDB.
Stars: ✭ 36 (-47.06%)
dependency-check-pluginJenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).
Stars: ✭ 107 (+57.35%)
zap-sonar-pluginIntegrates OWASP Zed Attack Proxy reports into SonarQube
Stars: ✭ 66 (-2.94%)
KurukshetraKurukshetra - A framework for teaching secure coding by means of interactive problem solving.
Stars: ✭ 131 (+92.65%)
SecurityratOWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development
Stars: ✭ 115 (+69.12%)
PurifyAll-in-one tool for managing vulnerability reports from AppSec pipelines
Stars: ✭ 72 (+5.88%)
SecuritySome of my security stuff and vulnerabilities. Nothing advanced. More to come.
Stars: ✭ 835 (+1127.94%)
PayloadsGit All the Payloads! A collection of web attack payloads.
Stars: ✭ 2,862 (+4108.82%)
Dependency TrackDependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Stars: ✭ 718 (+955.88%)
Web MethodologyMethodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
Stars: ✭ 142 (+108.82%)
sample-scan-filesSample scan files for testing DefectDojo imports
Stars: ✭ 60 (-11.76%)
Oob ServerA Bind9 server for pentesters to use for Out-of-Band vulnerabilities
Stars: ✭ 125 (+83.82%)
awesome-policy-as-codeA curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.
Stars: ✭ 121 (+77.94%)
Bag Of HoldingAn application to assist in the organization and prioritization of software security activities.
Stars: ✭ 114 (+67.65%)
BulwarkAn organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Stars: ✭ 113 (+66.18%)
ReapsawReapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.
Stars: ✭ 37 (-45.59%)
appsec-educationPresentations, training modules, and other education materials from Duo Security's Application Security team.
Stars: ✭ 59 (-13.24%)
KicsFind security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Stars: ✭ 189 (+177.94%)
Kamus An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications
Stars: ✭ 694 (+920.59%)
Owasp VwadThe OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
Stars: ✭ 487 (+616.18%)
Juice ShopOWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+9120.59%)
eventsRepository of events for the Software Crafters Sydney community
Stars: ✭ 13 (-80.88%)
Zap HudThe OWASP ZAP Heads Up Display (HUD)
Stars: ✭ 201 (+195.59%)
Race The WebTests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
Stars: ✭ 385 (+466.18%)
OvaaOversecured Vulnerable Android App
Stars: ✭ 152 (+123.53%)
Nist Data MirrorA simple Java command-line utility to mirror the CVE JSON data from NIST.
Stars: ✭ 135 (+98.53%)
Njsscannjsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: ✭ 128 (+88.24%)
cryptoniceCryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…
Stars: ✭ 91 (+33.82%)
PidrilaPython Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
Stars: ✭ 125 (+83.82%)
nodejssecurityDocumentation for Essential Node.js Security
Stars: ✭ 64 (-5.88%)
www-project-zapOWASP Zed Attack Proxy project landing page.
Stars: ✭ 52 (-23.53%)
ZaproxyThe OWASP ZAP core project
Stars: ✭ 9,078 (+13250%)
SSI Extra MaterialsIn my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them
Stars: ✭ 42 (-38.24%)
nerdbugFull Nuclei automation script with logic explanation.
Stars: ✭ 153 (+125%)
BlisqyVersion 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).
Stars: ✭ 179 (+163.24%)
CheatsheetseriesThe OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Stars: ✭ 19,302 (+28285.29%)
RailsgoatA vulnerable version of Rails that follows the OWASP Top 10
Stars: ✭ 699 (+927.94%)
Sast ScanScan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
Stars: ✭ 234 (+244.12%)
DirsearchWeb path scanner
Stars: ✭ 7,246 (+10555.88%)
juice-shopOWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 7,533 (+10977.94%)
Www CommunityOWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
Stars: ✭ 409 (+501.47%)
W3afw3af: web application attack and audit framework, the open source web vulnerability scanner.
Stars: ✭ 3,804 (+5494.12%)
Sbt Dependency CheckSBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (+175%)
Awesome Threat ModellingA curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
Stars: ✭ 319 (+369.12%)
tutorialsAdditional Resources For Securing The Stack Tutorials
Stars: ✭ 36 (-47.06%)
WhatwebNext generation web scanner
Stars: ✭ 3,503 (+5051.47%)
YawastYAWAST ...where a pentest starts. Security Toolkit for Web-based Applications
Stars: ✭ 181 (+166.18%)
edgeApplication-embedded connectivity and zero-trust components
Stars: ✭ 44 (-35.29%)