121 Open source projects that are alternatives of or similar to www-project-web-security-testing-guide

In-depth Attack Surface Mapping and Asset Discovery

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Audit tool to find common vulnerabilities in PHP source code

OWASP Seraphimdroid is an open source project with aim to create, as a community, an open platform for education and protection of Android users against privacy and security threats.

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Integrates OWASP Zed Attack Proxy reports into SonarQube

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

OWASP Honeypot, Automated Deception Framework.

Desktop variant of OWASP Threat Dragon

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

Automated Security Testing For REST API's

OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

Some good resources for getting started with application security

Awesome Node.js Security resources

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

A collection of electronic hacker magazines carefully curated over the years from multiple sources

Additional Resources For Securing The Stack Tutorials

Detect root, emulation, debug mode and other security concerns in your Xamarin apps

The DevSecOps toolset for REST APIs

A simple tool for interacting with OWASP ZAP from the commandline.

nodejs + express security and performance boilerplate.

Run Capture the Flags and Security Trainings with OWASP Juice Shop

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Machine Learning WAF Based

OWASP Cloud Security - Enabling conversations through threat and control stories

The repo contains all the slide deck that was used during my presentation at various webinars, conferences, and meetups.

A .NET Core middleware for injecting the Owasp recommended HTTP Headers for increased security

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities

Sqreen's Application Security Management for the Go language

An application to catch, search and analyze HTTP secure headers.

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

apache 2.x.x module, for CSRF mitigation

A collection of hacking / penetration testing resources to make you better!

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

GitBook markdown content for the eBook "Pwning OWASP Juice Shop"

Pentester's Tools Parser (PTP) provides an unified way to retrieve the information from all (final goal) automated pentesting tools and assign an automated ranking for each finding.

Hacking tools

The Secure Coding Dojo is a platform for delivering secure coding training.

A simple web app that helps developers understand the ASVS requirements.

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

The OWASP ZAP Heads Up Display (HUD)

The OWASP ZAP core project

Web Application Secure Coding Handbook resource.

Learning Penetration Testing of Android Applications

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

An open source, online threat modelling tool from OWASP

completely ridiculous API (crAPI)

The OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)

No description or website provided.

Test your Security Skills, and Clean Code Development as a Pythonist, Hacker & Warrior 🥷🏻

OWASP Zed Attack Proxy project landing page.

OWASP Code Review Guide Web Repository

CSRF Protector library: standalone library for CSRF mitigation