bWAPPbWAPP latest modified for PHP7
Stars: ✭ 30 (+20%)
zap-sonar-pluginIntegrates OWASP Zed Attack Proxy reports into SonarQube
Stars: ✭ 66 (+164%)
cwe-toolA command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.
Stars: ✭ 40 (+60%)
ApicheckThe DevSecOps toolset for REST APIs
Stars: ✭ 184 (+636%)
cyclonedx-cliCycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
Stars: ✭ 154 (+516%)
www-project-zapOWASP Zed Attack Proxy project landing page.
Stars: ✭ 52 (+108%)
WstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+15392%)
ptpPentester's Tools Parser (PTP) provides an unified way to retrieve the information from all (final goal) automated pentesting tools and assign an automated ranking for each finding.
Stars: ✭ 28 (+12%)
hikvision-recoverCommand-line tool for generating recovery codes for Hikvision IP Cameras
Stars: ✭ 40 (+60%)
Python HoneypotOWASP Honeypot, Automated Deception Framework.
Stars: ✭ 160 (+540%)
AstraAutomated Security Testing For REST API's
Stars: ✭ 1,898 (+7492%)
VulnogramVulnogram is a tool for creating and editing CVE information in CVE JSON format
Stars: ✭ 103 (+312%)
Puma6FailCVE-2017-5693 Denial of service vulnerability in Puma 6 modems
Stars: ✭ 17 (-32%)
headersAn application to catch, search and analyze HTTP secure headers.
Stars: ✭ 59 (+136%)
www-project-web-security-testing-guideThe Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.
Stars: ✭ 260 (+940%)
InsiderStatic Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Stars: ✭ 216 (+764%)
raiderOWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions
Stars: ✭ 88 (+252%)
FdsploitFile Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (+696%)
Sbt Dependency CheckSBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (+648%)
Csrf Protector PhpCSRF Protector library: standalone library for CSRF mitigation
Stars: ✭ 178 (+612%)
PhpvulnAudit tool to find common vulnerabilities in PHP source code
Stars: ✭ 146 (+484%)
coraza-caddyOWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
Stars: ✭ 75 (+200%)
AmassIn-depth Attack Surface Mapping and Asset Discovery
Stars: ✭ 1,693 (+6672%)
Owasp OrizonOwasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.
Stars: ✭ 130 (+420%)
cyclonedx-dotnetCreates CycloneDX Software Bill of Materials (SBOM) from .NET Projects
Stars: ✭ 110 (+340%)
SlidesThe repo contains all the slide deck that was used during my presentation at various webinars, conferences, and meetups.
Stars: ✭ 56 (+124%)
www-project-csrfguardThe aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens
Stars: ✭ 43 (+72%)
vilicusVilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.
Stars: ✭ 82 (+228%)
exploitsSome of my public exploits
Stars: ✭ 50 (+100%)
BughoundStatic code analysis tool based on Elasticsearch
Stars: ✭ 124 (+396%)
moodlescanTool for scan vulnerabilities in Moodle platforms
Stars: ✭ 54 (+116%)
Juice Shop CtfCapture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
Stars: ✭ 238 (+852%)
waf-brainMachine Learning WAF Based
Stars: ✭ 74 (+196%)
SecurecodingdojoThe Secure Coding Dojo is a platform for delivering secure coding training.
Stars: ✭ 216 (+764%)
wafbypasserNo description or website provided.
Stars: ✭ 73 (+192%)
Zap HudThe OWASP ZAP Heads Up Display (HUD)
Stars: ✭ 201 (+704%)
webdriverio-zap-proxyDemo - how to easily build security testing for Web App, using Zap and Glue
Stars: ✭ 58 (+132%)
Django DefectdojoDefectDojo is an open-source application vulnerability correlation and security orchestration tool.
Stars: ✭ 1,926 (+7604%)
Securetea ProjectThe OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)
Stars: ✭ 181 (+624%)
juice-shopOWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 7,533 (+30032%)
Zap CliA simple tool for interacting with OWASP ZAP from the commandline.
Stars: ✭ 166 (+564%)
AthenaTest your Security Skills, and Clean Code Development as a Pythonist, Hacker & Warrior 🥷🏻
Stars: ✭ 43 (+72%)
Bluemondaybluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
Stars: ✭ 2,135 (+8440%)
tutorialsAdditional Resources For Securing The Stack Tutorials
Stars: ✭ 36 (+44%)
Owasp Cloud SecurityOWASP Cloud Security - Enabling conversations through threat and control stories
Stars: ✭ 148 (+492%)
assimilation-officialThis is the official main repository for the Assimilation project
Stars: ✭ 47 (+88%)
Owaspheaders.coreA .NET Core middleware for injecting the Owasp recommended HTTP Headers for increased security
Stars: ✭ 138 (+452%)
crAPIcompletely ridiculous API (crAPI)
Stars: ✭ 549 (+2096%)
Go AgentSqreen's Application Security Management for the Go language
Stars: ✭ 134 (+436%)
weblogic honeypotWebLogic Honeypot is a low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware. This is a Remote Code Execution vulnerability.
Stars: ✭ 30 (+20%)
aws-firewall-factoryDeploy, update, and stage your WAFs while managing them centrally via FMS.
Stars: ✭ 72 (+188%)
nodejssecurityDocumentation for Essential Node.js Security
Stars: ✭ 64 (+156%)
NetworkAlarmA tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.
Stars: ✭ 17 (-32%)
multi-juicerRun Capture the Flags and Security Trainings with OWASP Juice Shop
Stars: ✭ 179 (+616%)