4468 Open source projects that are alternatives of or similar to Zaproxy

Integrates OWASP Zed Attack Proxy reports into SonarQube

OWASP ZAP Add-ons

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

The OWASP ZAP Heads Up Display (HUD)

OWASP ZAP add-on for finding vulnerabilities in File Upload functionality.

OWASP Zed Attack Proxy project landing page.

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

OWASP ZAP addon for finding vulnerabilities in JWT Implementations

Vendor-Neutral Security Tool Automation Controller (over REST)

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

OWASP Code Review Guide Web Repository

YAWAST ...where a pentest starts. Security Toolkit for Web-based Applications

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Additional Resources For Securing The Stack Tutorials

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

secureCodeBox (SCB) - continuous secure delivery out of the box

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

Some good resources for getting started with application security

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Demo - how to easily build security testing for Web App, using Zap and Glue

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

Nmap and NSE command line wrapper in the style of Metasploit

Owasp Zap chart for Kubernetes

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

💡 A hinting engine for the web

Integrates Dependency-Check reports into SonarQube

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

Documentation for Essential Node.js Security

Next generation web scanner

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

Application Security Awareness Training

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Extract embedded VBIOS from (almost) any BIOS Update

Manage Linux system resources and services from hiera configuration

Boilerplate-free decorator-based class logging

💻 A fissure Companion App for Warframe

🚀 Browser extension to display size of each file, download link and copy file contents directly to the clipboard

📖 An example-based Node.js tutorial.

Kubernetes object analysis with recommendations for improved reliability and security

Practice your skills with these ideas.

Make your first Pull Request and earn a free tee from GitHub!

A repository to contribute to Hacktoberfest 2019

An event organised by GNU/Linux Users' Group, NIT Durgapur. Visit

TypeScript execution and REPL for node.js

Massively parallel GPU programming on JavaScript, simple and clean.

Download ScriptAnalyzer from PowerShellGallery

Run a security scan on your terraform with the very nice https://github.com/liamg/tfsec

chef-vault cookbook

Documenting RenewedVision's undocumented Remote Control protocol with examples

Use Vagrant to manage Sakura Cloud instances.

Sistema de Apoio ao Processo Legislativo

Nvim Treesitter configurations and abstraction layer

Chinese Localization for Jenkins

This is the project website for the TEAMMATES feedback management tool for education

Nmstate is a library with an accompanying command line tool that manages host networking settings in a declarative manner.