Trending repositories for topic appsec
serve as a reverse proxy to protect your web services from attacks and exploits.
A CRUD engine for MongoDB with a Prisma-like schema definition language
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
w3af: web application attack and audit framework, the open source web vulnerability scanner.
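This project uses a large language model together with a crawler to search GitHub for all projects containing valuable vulnerability information, vulnerability PoCs, or rule information. It automatically identifies each project's directory structure and README, then summarizes, analyzes, and categorizes them. The collected projects can help security practitioners gather vulnerability information, PoC information, rules, and more.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.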
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
A CRUD engine for MongoDB with a Prisma-like schema definition language
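This project uses a large language model together with a crawler to search GitHub for all projects containing valuable vulnerability information, vulnerability PoCs, or rule information. It automatically identifies each project's directory structure and README, then summarizes, analyzes, and categorizes them. The collected projects can help security practitioners gather vulnerability information, PoC information, rules, and more.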
serve as a reverse proxy to protect your web services from attacks and exploits.
Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
DevSecOps, ASPM, Vulnerability Management. All on one platform.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, secu...
A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and initial phases of security review.
w3af: web application attack and audit framework, the open source web vulnerability scanner.
serve as a reverse proxy to protect your web services from attacks and exploits.
A CRUD engine for MongoDB with a Prisma-like schema definition language
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
DevSecOps, ASPM, Vulnerability Management. All on one platform.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
A library for detecting known secrets across many web frameworks
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
A CRUD engine for MongoDB with a Prisma-like schema definition language
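This project uses a large language model together with a crawler to search GitHub for all projects containing valuable vulnerability information, vulnerability PoCs, or rule information. It automatically identifies each project's directory structure and README, then summarizes, analyzes, and categorizes them. The collected projects can help security practitioners gather vulnerability information, PoC information, rules, and more.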
serve as a reverse proxy to protect your web services from attacks and exploits.
A library for detecting known secrets across many web frameworks
Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
A Server Side Request Forgery (SSRF) protection library. Made with 🖤 by Doyensec LLC.
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
DevSecOps, ASPM, Vulnerability Management. All on one platform.
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and initial phases of security review.
serve as a reverse proxy to protect your web services from attacks and exploits.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
A CRUD engine for MongoDB with a Prisma-like schema definition language
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
w3af: web application attack and audit framework, the open source web vulnerability scanner.
A CRUD engine for MongoDB with a Prisma-like schema definition language
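This project uses a large language model together with a crawler to search GitHub for all projects containing valuable vulnerability information, vulnerability PoCs, or rule information. It automatically identifies each project's directory structure and README, then summarizes, analyzes, and categorizes them. The collected projects can help security practitioners gather vulnerability information, PoC information, rules, and more.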
Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...
serve as a reverse proxy to protect your web services from attacks and exploits.
A library for detecting known secrets across many web frameworks
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
A simple PHP application to learn SQL Injection detection and exploitation techniques.
OWASP Foundation Threat Dragon Project Web Repository
Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
FlowAnalyzer is a tool to help in testing and analyzing OAuth 2.0 Flows, including OpenID Connect (OIDC).
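This project uses a large language model together with a crawler to search GitHub for all projects containing valuable vulnerability information, vulnerability PoCs, or rule information. It automatically identifies each project's directory structure and README, then summarizes, analyzes, and categorizes them. The collected projects can help security practitioners gather vulnerability information, PoC information, rules, and more.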
This repo contains the code for my secure code review challenges
Awesome products for securing AI systems includes open source and commercial options and an infographic licensed CC-BY-SA-4.0.
subfalcon is a subdomain enumeration tool that allows you to discover and monitor subdomains for a given list of domains. It fetches subdomains from various sources [crtsh, hackertargetapi, anubis, al...
AssetViz simplifies the visualization of subdomains from input files, presenting them as a coherent mind map. Ideal for penetration testers and bug bounty hunters conducting reconnaissance, AssetViz ...
CodeBreakers: From Dev to Hacker - Teaching developers how to become an app sec ninja!
serve as a reverse proxy to protect your web services from attacks and exploits.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...
A CRUD engine for MongoDB with a Prisma-like schema definition language
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...
FlowAnalyzer is a tool to help in testing and analyzing OAuth 2.0 Flows, including OpenID Connect (OIDC).
CodeBreakers: From Dev to Hacker - Teaching developers how to become an app sec ninja!
AssetViz simplifies the visualization of subdomains from input files, presenting them as a coherent mind map. Ideal for penetration testers and bug bounty hunters conducting reconnaissance, AssetViz ...
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
serve as a reverse proxy to protect your web services from attacks and exploits.
OWASP Machine Learning Security Top 10 Project
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
This repository was developed using .NET 7.0 API technology based on findings listed in the OWASP 2019 API Security Top 10.
SDK providing app protection and threat monitoring for mobile devices, available for Flutter, Cordova, Android and iOS.
A library for detecting known secrets across many web frameworks
Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.
OWASP BLT is a tool with the purpose of making the web a safer place. We have many facets to the project.