Wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+846.94%)
Zaproxy
The OWASP ZAP core project
Stars: ✭ 9,078 (+2119.56%)
tutorials
Additional Resources For Securing The Stack Tutorials
Stars: ✭ 36 (-91.2%)
Securityrat
OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development
Stars: ✭ 115 (-71.88%)
Zap Hud
The OWASP ZAP Heads Up Display (HUD)
Stars: ✭ 201 (-50.86%)
Whatweb
Next generation web scanner
Stars: ✭ 3,503 (+756.48%)
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 7,533 (+1741.81%)
Dependency Track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Stars: ✭ 718 (+75.55%)
zap-sonar-plugin
Integrates OWASP Zed Attack Proxy reports into SonarQube
Stars: ✭ 66 (-83.86%)
Juice Shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+1433.01%)
Owasp Vwad
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
Stars: ✭ 487 (+19.07%)
vapi
vAPI is a Vulnerable Adversely Programmed Interface, a self-hostable API that mimics OWASP API Top 10 scenarios through exercises.
Stars: ✭ 674 (+64.79%)
dependency-check-plugin
Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).
Stars: ✭ 107 (-73.84%)
nodejssecurity
Documentation for Essential Node.js Security
Stars: ✭ 64 (-84.35%)
Sbt Dependency Check
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (-54.28%)
www-project-zap
OWASP Zed Attack Proxy project landing page.
Stars: ✭ 52 (-87.29%)
Cheatsheetseries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Stars: ✭ 19,302 (+4619.32%)
containers-security-project
A place for documenting threats and mitigations related to containers orchestrators (Kubernetes, Swarm etc)
Stars: ✭ 25 (-93.89%)
JWTweak
Detects the algorithm of an input JWT token and provides options to generate a new JWT token based on the user-selected algorithm.
Stars: ✭ 85 (-79.22%)
cyclonedx-python
Creates CycloneDX Software Bill of Materials (SBOM) from Python projects and environments.
Stars: ✭ 78 (-80.93%)
sqlinjection-training-app
A simple PHP application to learn SQL Injection detection and exploitation techniques.
Stars: ✭ 56 (-86.31%)
cyclonedx-php-composer
Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects
Stars: ✭ 20 (-95.11%)
CIS-Ubuntu-20.04-Ansible
Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation
Stars: ✭ 150 (-63.33%)
Cdk Constructs
A collection of higher-level aws cdk constructs: slack-approval-workflow, #slack & msteams notifications, chatops, blue-green-container-deployment, codecommit-backup, OWASP dependency-check, contentful-webhook, github-webhook, stripe-webhook, static-website, pull-request-check, pull-request-approval-rule, codepipeline-merge-action, codepipeline-check-parameter-action...
Stars: ✭ 282 (-31.05%)
ObsidianSailboat
Nmap and NSE command line wrapper in the style of Metasploit
Stars: ✭ 36 (-91.2%)
ftw
Framework for Testing WAFs (FTW!)
Stars: ✭ 106 (-74.08%)
cyclonedx-gomod
Creates CycloneDX Software Bill of Materials (SBOM) from Go modules
Stars: ✭ 27 (-93.4%)
specification
Software Bill of Material (SBOM) standard designed for use in application security contexts and supply chain component analysis
Stars: ✭ 129 (-68.46%)
cwe-sdk-javascript
A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC
Stars: ✭ 18 (-95.6%)
owasp-zap-jwt-addon
OWASP ZAP addon for finding vulnerabilities in JWT Implementations
Stars: ✭ 23 (-94.38%)
Securecodebox
secureCodeBox (SCB) - continuous secure delivery out of the box
Stars: ✭ 279 (-31.78%)
juice-shop-ctf
Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox
Stars: ✭ 287 (-29.83%)
dotnet-security-unit-tests
A web application that contains several unit tests for the purpose of .NET security
Stars: ✭ 25 (-93.89%)
OWASP-Calculator
🧮 An online calculator to assess the risk of web vulnerabilities based on OWASP Risk Assessment
Stars: ✭ 109 (-73.35%)
threatmodel-sdk
A Java library for parsing and programmatically using threat models
Stars: ✭ 68 (-83.37%)
Maryam
Maryam: Open-source Intelligence (OSINT) Framework
Stars: ✭ 371 (-9.29%)
Awesome Threat Modelling
A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and the initial phases of security review.
Stars: ✭ 319 (-22%)
Iotgoat
IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.
Stars: ✭ 275 (-32.76%)
dependency-check-py
🔐 Shim to easily install OWASP dependency-check-cli into Python projects
Stars: ✭ 44 (-89.24%)
aks-baseline-regulated
This is the Azure Kubernetes Service (AKS) baseline cluster for regulated workloads reference implementation as produced by the Microsoft Azure Architecture Center.
Stars: ✭ 73 (-82.15%)
dependency-track-maven-plugin
Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.
Stars: ✭ 28 (-93.15%)
webdriverio-zap-proxy
Demo - how to easily build security testing for Web App, using Zap and Glue
Stars: ✭ 58 (-85.82%)
owtf-docker
Docker repository for OWTF (64-bit Kali)
Stars: ✭ 32 (-92.18%)
nerdbug
Full Nuclei automation script with logic explanation.
Stars: ✭ 153 (-62.59%)
aws-firewall-factory
Deploy, update, and stage your WAFs while managing them centrally via FMS.
Stars: ✭ 72 (-82.4%)
aquatone
A Tool for Domain Flyovers
Stars: ✭ 43 (-89.49%)
bWAPP
bWAPP latest modified for PHP7
Stars: ✭ 30 (-92.67%)
assimilation-official
This is the official main repository for the Assimilation project
Stars: ✭ 47 (-88.51%)
Vbscan
OWASP VBScan is a Black Box vBulletin Vulnerability Scanner
Stars: ✭ 295 (-27.87%)