Application Security Engineer Interview Questions: Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list, but I felt these questions were important to be asked and some were challenging to answer.
Stars: ✭ 267 (+926.92%)
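Xray: A full-featured security assessment tool that supports scanning for common web security issues and custom PoCs | Be sure to read the documentation before use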
Stars: ✭ 6,218 (+23815.38%)
Phpvuln: Audit tool to find common vulnerabilities in PHP source code
Stars: ✭ 146 (+461.54%)
SQL-XSS: A few SQL and XSS attack tools
Stars: ✭ 29 (+11.54%)
PastebinMarkdownXSS: XSS in pastebin.com and reddit.com via unsanitized markdown output
Stars: ✭ 84 (+223.08%)
SecExample: Java vulnerability practice range (Vulnerability Environment For Java)
Stars: ✭ 228 (+776.92%)
cve-2016-1764: Extraction of iMessage Data via XSS
Stars: ✭ 52 (+100%)
Hacker101: Source code for Hacker101.com - a free online web and mobile security class.
Stars: ✭ 12,246 (+47000%)
Blackwidow: A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+3311.54%)
Gowapt: Go Web Application Penetration Test
Stars: ✭ 300 (+1053.85%)
V3n0m Scanner: Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (+3157.69%)
APSoft-Web-Scanner-v2: Powerful dork searcher and vulnerability scanner for windows platform
Stars: ✭ 96 (+269.23%)
Xss Payload List: 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Stars: ✭ 2,617 (+9965.38%)
Godnslog: An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
Stars: ✭ 172 (+561.54%)
Uxss Db: 🔪 Browser logic vulnerabilities ☠️
Stars: ✭ 565 (+2073.08%)
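Ary: Ary is an integration tool, mainly used to invoke various security tools and so provide a convenient one-click penetration testing workflow.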
Stars: ✭ 241 (+826.92%)
wasec: Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.
Stars: ✭ 74 (+184.62%)
attack-surface-detector-zap: The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
Stars: ✭ 52 (+100%)
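security-wrapper: Secondary development on top of Spring Security, providing solutions for a range of security scenarios: OAuth2 authorization (with cross-domain and multi-application authorization support), JWT, SSO, file upload, seamless integration with permission systems, API abuse prevention, XSS, CSRF, SQL injection, third-party login (bind, unbind), encrypted communication, and more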
Stars: ✭ 21 (-19.23%)
Chimay-Red-tiny: This is a minified exploit for mikrotik routers. It does not require any additional modules to run.
Stars: ✭ 25 (-3.85%)
log4shell-finder: Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint.
Stars: ✭ 22 (-15.38%)
python-sdk: Python SDK to access the vulnerability database
Stars: ✭ 22 (-15.38%)
reconmap: Vulnerability assessment and penetration testing automation and reporting platform for teams.
Stars: ✭ 242 (+830.77%)
persistent-clientside-xss: Exploit generator and Taint Engine to find persistent (and reflected) client-side XSS
Stars: ✭ 19 (-26.92%)
diwa: A Deliberately Insecure Web Application
Stars: ✭ 32 (+23.08%)
exploit: My exploitDB.
Stars: ✭ 16 (-38.46%)
Detect-CVE-2017-15361-TPM: Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber
Stars: ✭ 34 (+30.77%)
safe-marked: Markdown to HTML using marked and DOMPurify. Safe by default.
Stars: ✭ 31 (+19.23%)
xss-chef: A web application for generating custom XSS payloads
Stars: ✭ 70 (+169.23%)
Foxss-XSS-Penetration-Testing-Tool: Foxss is a simple PHP based penetration testing tool. Currently it will help to find XSS vulnerability in websites.
Stars: ✭ 35 (+34.62%)
ng-dompurify: Inclusive Angular API for DOMPurify
Stars: ✭ 65 (+150%)
cyber-gym: Deliberately vulnerable scripts for Web Security training
Stars: ✭ 19 (-26.92%)
xsymlink: Xbox One Symbolic Link Exploit: Access restricted/encrypted volumes using the Xbox File Explorer.
Stars: ✭ 18 (-30.77%)
Pentesting: Misc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-7.69%)
smartbugs: SmartBugs: A Framework to Analyze Solidity Smart Contracts
Stars: ✭ 222 (+753.85%)
xssmap: Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities
Stars: ✭ 107 (+311.54%)
firmeye: IoT firmware vulnerability discovery tool
Stars: ✭ 133 (+411.54%)
lachesis: 👨‍💻 A work-in-progress web services mass scanner written in Rust
Stars: ✭ 55 (+111.54%)
vulnerablecode: A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
Stars: ✭ 269 (+934.62%)
waithax: An implementation of the waithax / slowhax 3DS Kernel11 exploit.
Stars: ✭ 64 (+146.15%)
Exploits: Real world and CTFs exploiting web/binary POCs.
Stars: ✭ 69 (+165.38%)
CVE-2021-33766: ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit
Stars: ✭ 37 (+42.31%)
CVE-2021-31728: vulnerability in zam64.sys, zam32.sys allowing ring 0 code execution. CVE-2021-31727 and CVE-2021-31728 public reference.
Stars: ✭ 63 (+142.31%)
Pinaak: A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan
Stars: ✭ 69 (+165.38%)
ngx http html sanitize module: It's a nginx http module to sanitize HTML5 with whitelisted elements, whitelisted attributes and whitelisted CSS property
Stars: ✭ 14 (-46.15%)
NachtWal: Reinforced Mitigation Security Filter
Stars: ✭ 17 (-34.62%)
vulnerabilities: List of all possible vulnerabilities in computer security.
Stars: ✭ 14 (-46.15%)
Eagle: Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
Stars: ✭ 85 (+226.92%)
hacking-resources: Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.
Stars: ✭ 1,386 (+5230.77%)
awesome-log4shell: An Awesome List of Log4Shell resources to help you stay informed and secure! 🔒
Stars: ✭ 194 (+646.15%)
log4jscanwin: Log4j Vulnerability Scanner for Windows
Stars: ✭ 142 (+446.15%)
litewaf: Lightweight In-App Web Application Firewall for PHP
Stars: ✭ 32 (+23.08%)
Android-LDoS: No description or website provided.
Stars: ✭ 15 (-42.31%)