186 Open source projects that are alternatives of or similar to training-application-security

Web Application Secure Coding Handbook resource.

A simple web app that helps developers understand the ASVS requirements.

The repo contains all the slide deck that was used during my presentation at various webinars, conferences, and meetups.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens

The OWASP ZAP core project

Vilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.

Learning Penetration Testing of Android Applications

Some of my public exploits

An open source, online threat modelling tool from OWASP

Static code analysis tool based on Elasticsearch

nodejs + express security and performance boilerplate.

Tool for scan vulnerabilities in Moodle platforms

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

Ready to use images of Zap and Glue, especially for CI integration.

Machine Learning WAF Based

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

The Secure Coding Dojo is a platform for delivering secure coding training.

OWASP WEB Directory Scanner

No description or website provided.

Vulnerability Patterns Detector for C# and VB.NET

The OWASP ZAP Heads Up Display (HUD)

OWASP ZSC - Shellcode/Obfuscate Code Generator

apache 2.x.x module, for CSRF mitigation

OWASP ZAP Add-ons

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Demo - how to easily build security testing for Web App, using Zap and Glue

A collection of hacking / penetration testing resources to make you better!

Application Security Automation

The OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)

Maryam: Open-source Intelligence(OSINT) Framework

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

A simple tool for interacting with OWASP ZAP from the commandline.

Next generation web scanner

Test your Security Skills, and Clean Code Development as a Pythonist, Hacker & Warrior 🥷🏻

secureCodeBox (SCB) - continuous secure delivery out of the box

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

This repository contains payload to test NoSQL Injections

Additional Resources For Securing The Stack Tutorials

Application Security Awareness Training

OWASP Cloud Security - Enabling conversations through threat and control stories

Security review guidelines for mobile projects

This is the official main repository for the Assimilation project

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

A .NET Core middleware for injecting the Owasp recommended HTTP Headers for increased security

Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.

completely ridiculous API (crAPI)

Owasp Zap chart for Kubernetes

Sqreen's Application Security Management for the Go language

POC about usage of JSON Web Tokens (JWT) in a secure way.

Some good resources for getting started with application security

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

Deploy, update, and stage your WAFs while managing them centrally via FMS.

Documentation for Essential Node.js Security

A tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.

Run Capture the Flags and Security Trainings with OWASP Juice Shop

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development