169 Open source projects that are alternatives of or similar to Www Community

Application Security Awareness Training

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

The OWASP ZAP core project

Additional Resources For Securing The Stack Tutorials

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

Some good resources for getting started with application security

The OWASP ZAP Heads Up Display (HUD)

Next generation web scanner

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

OWASP Code Review Guide Web Repository

Integrates OWASP Zed Attack Proxy reports into SonarQube

OWASP ZAP Add-ons

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

Integrates Dependency-Check reports into SonarQube

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

Documentation for Essential Node.js Security

The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

OWASP Zed Attack Proxy project landing page.

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

A place for documenting threats and mitigations related to containers orchestrators (Kubernetes, Swarm etc)

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

Creates CycloneDX Software Bill of Materials (SBOM) from Python projects and environments.

A simple PHP application to learn SQL Injection detection and exploitation techniques.

Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects

Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation

A collection of higher-level aws cdk constructs: slack-approval-workflow, #slack & msteams notifications, chatops, blue-green-container-deployment, codecommit-backup, OWASP dependency-check, contentful-webhook, github-webhook, stripe-webhook, static-website, pull-request-check, pull-request-approval-rule, codepipeline-merge-action, codepipeline-check-parameter-action...

Security review guidelines for mobile projects

Nmap and NSE command line wrapper in the style of Metasploit

Framework for Testing WAFs (FTW!)

Creates CycloneDX Software Bill of Materials (SBOM) from Go modules

Software Bill of Material (SBOM) standard designed for use in application security contexts and supply chain component analysis

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

OWASP ZAP addon for finding vulnerabilities in JWT Implementations

Software Component Verification Standard (SCVS)

secureCodeBox (SCB) - continuous secure delivery out of the box

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

A web application that contains several unit tests for the purpose of .NET security

GitHub Action to set up Fortify ScanCentral Client

🧮 An online calculator to assess the risk of web vulnerabilities based on OWASP Risk Assessment

A Java library for parsing and programmatically using threat models

Maryam: Open-source Intelligence(OSINT) Framework

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.

🔐 Shim to easily install OWASP dependency-check-cli into Python projects

This is the Azure Kubernetes Service (AKS) baseline cluster for regulated workloads reference implementation as produced by the Microsoft Azure Architecture Center.

Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.

This repository for training application security.

Demo - how to easily build security testing for Web App, using Zap and Glue

This repository contains payload to test NoSQL Injections

Docker repository for OWTF (64-bit Kali)

Full Nuclei automation script with logic explanation.

Deploy, update, and stage your WAFs while managing them centrally via FMS.

A Tool for Domain Flyovers

bWAPP latest modified for PHP7

This is the official main repository for the Assimilation project

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner