186 Open source projects that are alternatives of or similar to training-application-security

bWAPP latest modified for PHP7

Integrates OWASP Zed Attack Proxy reports into SonarQube

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.

The DevSecOps toolset for REST APIs

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

OWASP Zed Attack Proxy project landing page.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Pentester's Tools Parser (PTP) provides an unified way to retrieve the information from all (final goal) automated pentesting tools and assign an automated ranking for each finding.

Command-line tool for generating recovery codes for Hikvision IP Cameras

OWASP Honeypot, Automated Deception Framework.

Automated Security Testing For REST API's

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

CVE-2017-5693 Denial of service vulnerability in Puma 6 modems

An application to catch, search and analyze HTTP secure headers.

The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

CSRF Protector library: standalone library for CSRF mitigation

The official PHP SDK for Shieldfy

Audit tool to find common vulnerabilities in PHP source code

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities

OWASP Code Review Guide Web Repository

In-depth Attack Surface Mapping and Asset Discovery

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

Web Application Secure Coding Handbook resource.

The repo contains all the slide deck that was used during my presentation at various webinars, conferences, and meetups.

The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens

Vilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.

Some of my public exploits

Static code analysis tool based on Elasticsearch

Tool for scan vulnerabilities in Moodle platforms

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

Machine Learning WAF Based

The Secure Coding Dojo is a platform for delivering secure coding training.

No description or website provided.

The OWASP ZAP Heads Up Display (HUD)

apache 2.x.x module, for CSRF mitigation

Demo - how to easily build security testing for Web App, using Zap and Glue

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

The OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

A simple tool for interacting with OWASP ZAP from the commandline.

Test your Security Skills, and Clean Code Development as a Pythonist, Hacker & Warrior 🥷🏻

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Additional Resources For Securing The Stack Tutorials

OWASP Cloud Security - Enabling conversations through threat and control stories

This is the official main repository for the Assimilation project

A .NET Core middleware for injecting the Owasp recommended HTTP Headers for increased security

completely ridiculous API (crAPI)

Sqreen's Application Security Management for the Go language

Some good resources for getting started with application security

WebLogic Honeypot is a low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware. This is a Remote Code Execution vulnerability.

The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

Deploy, update, and stage your WAFs while managing them centrally via FMS.

Documentation for Essential Node.js Security

A tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.

Run Capture the Flags and Security Trainings with OWASP Juice Shop