172 Open source projects that are alternatives of or similar to www-project-vulnerable-web-applications-directory

OWASP Code Review Guide Web Repository

The OWASP ZAP Heads Up Display (HUD)

Some good resources for getting started with application security

Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.

The OWASP ZAP core project

A simple PHP application to learn SQL Injection detection and exploitation techniques.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Application Security Awareness Training

OWASP ZAP Add-ons

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Documentation for Essential Node.js Security

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

OWASP Zed Attack Proxy project landing page.

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

Additional Resources For Securing The Stack Tutorials

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

Integrates OWASP Zed Attack Proxy reports into SonarQube

Integrates Dependency-Check reports into SonarQube

Next generation web scanner

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

Oversecured Vulnerable iOS App

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

The repo contains all the slide deck that was used during my presentation at various webinars, conferences, and meetups.

CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities

This repository contains links to awesome security articles.

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

Web Application Secure Coding Handbook resource.

A server vulnerable to XXE that can be used to test payloads using the xxer tool.

An application to catch, search and analyze HTTP secure headers.

The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens

A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.

A simple Java command-line utility to mirror the entire contents of VulnDB.

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

Presentations, training modules, and other education materials from Duo Security's Application Security team.

Machine Learning WAF Based

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

The Secure Coding Dojo is a platform for delivering secure coding training.

OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Full Nuclei automation script with logic explanation.

bWAPP latest modified for PHP7

The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

apache 2.x.x module, for CSRF mitigation

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

The DevSecOps toolset for REST APIs

No description or website provided.

The OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)

CSRF Protector library: standalone library for CSRF mitigation

A simple tool for interacting with OWASP ZAP from the commandline.

OWASP Honeypot, Automated Deception Framework.

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

This is the official main repository for the Assimilation project

Pentester's Tools Parser (PTP) provides an unified way to retrieve the information from all (final goal) automated pentesting tools and assign an automated ranking for each finding.