257 Open source projects that are alternatives of or similar to www-project-zap

The OWASP ZAP core project

Integrates OWASP Zed Attack Proxy reports into SonarQube

Additional Resources For Securing The Stack Tutorials

Erebus is a fast tool for parameter-based vulnerability scanning using a Yaml based template engine like nuclei.

Fast and customizable vulnerability scanner based on simple YAML based DSL.

A high performance offensive security tool for reconnaissance and vulnerability scanning

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Integrates Dependency-Check reports into SonarQube

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

OWASP Code Review Guide Web Repository

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Owasp Zap chart for Kubernetes

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

Documentation for Essential Node.js Security

Next generation web scanner

Libellux: Up & Running provides documentation on how-to install open-source software from source. The focus is Zero Trust Network to enhance the security for existing applications or install tools to detect and prevent threats.

The OWASP ZAP Heads Up Display (HUD)

All-in-one tool for managing vulnerability reports from AppSec pipelines

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

Some good resources for getting started with application security

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

OWASP ZAP Add-ons

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

Vendor-Neutral Security Tool Automation Controller (over REST)

🆕 The Multi-Tool Web Vulnerability Scanner.

Application Security Awareness Training

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…

Blazing fast, structured, leveled logging in Go.

Prints Stackdriver format logs with zap.

Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading

Oversecured Vulnerable iOS App

基于golang开源框架 gin封装的api框架

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

Network traffic data pipeline for real-time predictions and building datasets for deep neural networks

Golang Clean Architecture REST API example

OWASP ZAP add-on for finding vulnerabilities in File Upload functionality.

util toolkit for go.golang 通用函数包

The plugins of go2sky

The repo contains all the slide deck that was used during my presentation at various webinars, conferences, and meetups.

Structured JSON logging Go libraries benchmark

Examples of using Uber's zap Go logging library

Scout - a Contactless Active Reconnaissance Tool

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

⚡ Delightful AppImage package manager

a template project of gin app.

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

mod: zap logging in golang

apache 2.x.x module, for CSRF mitigation

In progress rough solutions to bWAPP / bee-box

This repository contains links to awesome security articles.