Trending repositories for topic appsec
SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
w3af: web application attack and audit framework, the open source web vulnerability scanner.
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
A Burp Suite Extension for pentester and bug bounty hunters an to maintain checklist, map flows, write test cases and track vulnerabilities
OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
A Burp extension helps identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violations, while also converting HTTP requests to JavaScript for enhanced...
A Burp Suite Extension for pentester and bug bounty hunters an to maintain checklist, map flows, write test cases and track vulnerabilities
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
A Burp extension helps identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violations, while also converting HTTP requests to JavaScript for enhanced...
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
An OOB interaction gathering server and client library
SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
w3af: web application attack and audit framework, the open source web vulnerability scanner.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
Focused malicious code detection ruleset, with a high protection-to-noise ratio
w3af: web application attack and audit framework, the open source web vulnerability scanner.
Focused malicious code detection ruleset, with a high protection-to-noise ratio
This repo contains the code for my secure code review challenges
A Server Side Request Forgery (SSRF) protection library. Made with 🖤 by Doyensec LLC.
OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
A Burp Suite Extension for pentester and bug bounty hunters an to maintain checklist, map flows, write test cases and track vulnerabilities
本项目通过大模型联动爬虫,检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目,并自动识别项目的目录结构、Readme信息后进行总结分析并分类,所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development
Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.
SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Focused malicious code detection ruleset, with a high protection-to-noise ratio
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Datadog Go Library including APM tracing, profiling, and security monitoring.
Focused malicious code detection ruleset, with a high protection-to-noise ratio
This repo contains the code for my secure code review challenges
本项目通过大模型联动爬虫,检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目,并自动识别项目的目录结构、Readme信息后进行总结分析并分类,所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。
Stop leaks. Safeguard your secrets with GitGuardian. GitGuardian actively prevents accidental exposure of sensitive information in your code, allowing you to code confidently and maintain the integrit...
A CLI tool to scan and fix your project's open-source vulnerabilities using Seal packages.
A simple PHP application to learn SQL Injection detection and exploitation techniques.
Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...
Datadog Go Library including APM tracing, profiling, and security monitoring.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
HTTP client with built-in SSRF protection, compatible with Tesla and HTTPoison
AssetViz simplifies the visualization of subdomains from input files, presenting them as a coherent mind map. Ideal for penetration testers and bug bounty hunters conducting reconnaissance, AssetViz ...
A Burp Suite Extension for pentester and bug bounty hunters an to maintain checklist, map flows, write test cases and track vulnerabilities
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
FlowAnalyzer is a tool to help in testing and analyzing OAuth 2.0 Flows, including OpenID Connect (OIDC).
Focused malicious code detection ruleset, with a high protection-to-noise ratio
oauth-labs: an intentionally vulnerable set of OAuth 2.0 labs for security training and learning
Awesome products for securing AI systems includes open source and commercial options and an infographic licensed CC-BY-SA-4.0.
AssetViz simplifies the visualization of subdomains from input files, presenting them as a coherent mind map. Ideal for penetration testers and bug bounty hunters conducting reconnaissance, AssetViz ...
Stop leaks. Safeguard your secrets with GitGuardian. GitGuardian actively prevents accidental exposure of sensitive information in your code, allowing you to code confidently and maintain the integrit...
SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
FlowAnalyzer is a tool to help in testing and analyzing OAuth 2.0 Flows, including OpenID Connect (OIDC).
Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...
本项目通过大模型联动爬虫,检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目,并自动识别项目的目录结构、Readme信息后进行总结分析并分类,所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。
oauth-labs: an intentionally vulnerable set of OAuth 2.0 labs for security training and learning
This repo contains the code for my secure code review challenges
AssetViz simplifies the visualization of subdomains from input files, presenting them as a coherent mind map. Ideal for penetration testers and bug bounty hunters conducting reconnaissance, AssetViz ...
CodeBreakers: From Dev to Hacker - Teaching developers to how become a app sec ninja !
A CLI tool to scan and fix your project's open-source vulnerabilities using Seal packages.
SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
SDK providing app protection and threat monitoring for mobile devices. Works with Flutter, React Native, Android and iOS. Shield your app with free RASP. Detect reverse engineering, root (Magisk), jai...
OWASP Machine Learning Security Top 10 Project