Trending repositories for topic owasp

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

In-depth attack surface mapping and asset discovery

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towar...

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

A collection of hacking / penetration testing resources to make you better!

Awesome Node.js Security resources

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library

OWASP CRS (Official Repository)

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

DevSecOps, ASPM, Vulnerability Management. All on one platform.

A industry-leading free, high-performance, AI and semantic technology web application and API security protection product - uuWAF. 一款工业级免费、高性能、高扩展，支持AI和语义引擎的Web应用和API安全防护产品-南墙。Web应用防火墙、WAF、WAAP

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +43 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, E...

A list of web application security

Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation

Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towar...

I love to teach dotnet concepts in a simple way with real world examples to people who aspire to to be a dotnet developer. I also help developers to refresh their memory with easy to understand analog...

Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation

A industry-leading free, high-performance, AI and semantic technology web application and API security protection product - uuWAF. 一款工业级免费、高性能、高扩展，支持AI和语义引擎的Web应用和API安全防护产品-南墙。Web应用防火墙、WAF、WAAP

CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +43 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, E...

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.

CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

OWASP CRS (Official Repository)

Awesome Node.js Security resources

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

An open source threat modeling tool from OWASP

The Secure Coding Dojo is a platform for delivering secure coding knowledge.

Vulnerable app with examples showing how to not use secrets

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

In-depth attack surface mapping and asset discovery

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

A collection of hacking / penetration testing resources to make you better!

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Awesome Node.js Security resources

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towar...

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library

OWASP CRS (Official Repository)

CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +43 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, E...

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

A list of web application security

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

A industry-leading free, high-performance, AI and semantic technology web application and API security protection product - uuWAF. 一款工业级免费、高性能、高扩展，支持AI和语义引擎的Web应用和API安全防护产品-南墙。Web应用防火墙、WAF、WAAP

DevSecOps, ASPM, Vulnerability Management. All on one platform.

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towar...

CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support

CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +43 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, E...

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.

Create CycloneDX Software Bill of Materials (SBOM) from Node.js NPM projects.

Enterprise ready REST API microservice in golang

CycloneDX SBOM Model and Utils for Creating and Validating BOMs

A industry-leading free, high-performance, AI and semantic technology web application and API security protection product - uuWAF. 一款工业级免费、高性能、高扩展，支持AI和语义引擎的Web应用和API安全防护产品-南墙。Web应用防火墙、WAF、WAAP

Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com

I love to teach dotnet concepts in a simple way with real world examples to people who aspire to to be a dotnet developer. I also help developers to refresh their memory with easy to understand analog...

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

OWASP Kubernetes security and compliance tool [WIP]

🔓A curated list of modern Android exploitation conference talks.

CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments

Easily improve the security of your web applications with aws firewall factory. Protect your valuable assets with seamless WAF deployment, updates, and staging, all efficiently managed centrally with ...

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission t...

Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

In-depth attack surface mapping and asset discovery

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

A collection of hacking / penetration testing resources to make you better!

CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +43 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, E...

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Next generation web scanner

Awesome Node.js Security resources

DevSecOps, ASPM, Vulnerability Management. All on one platform.

A list of web application security

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towar...

OWASP CRS (Official Repository)

A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support

本项目通过大模型联动爬虫，检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目，并自动识别项目的目录结构、Readme信息后进行总结分析并分类，所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。

A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.

CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +43 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, E...

Enterprise ready REST API microservice in golang

Utility that provides an API platform for validating, querying and managing BOM data

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towar...

Cosmos Market Apps Build By TinyActive

A industry-leading free, high-performance, AI and semantic technology web application and API security protection product - uuWAF. 一款工业级免费、高性能、高扩展，支持AI和语义引擎的Web应用和API安全防护产品-南墙。Web应用防火墙、WAF、WAAP

This repository is a dockerized PHP application containing some file upload vulnerability challenges (scenarios).

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities

The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens

I love to teach dotnet concepts in a simple way with real world examples to people who aspire to to be a dotnet developer. I also help developers to refresh their memory with easy to understand analog...

vacuum is the worlds fastest OpenAPI 3, OpenAPI 2 / Swagger linter and quality analysis tool. Built in go, it tears through API specs faster than you can think. vacuum is compatible with Spectral rule...

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission t...

Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

OWASP Project Developer Guide - Document and Project Web pages

CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +43 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, E...

🔓A curated list of modern Android exploitation conference talks.

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towar...

Corax for Java: A general static analysis framework for java code checking.

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the ...

本项目通过大模型联动爬虫，检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目，并自动识别项目的目录结构、Readme信息后进行总结分析并分类，所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。

CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support

Cosmos Market Apps Build By TinyActive

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...

In-depth attack surface mapping and asset discovery

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

A collection of hacking / penetration testing resources to make you better!

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

No description

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

A list of web application security

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

DevSecOps, ASPM, Vulnerability Management. All on one platform.

Next generation web scanner

Vulnerable app with examples showing how to not use secrets

A curated list of resources for learning about application security

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

OWASP CRS (Official Repository)

CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +43 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, E...

🔓A curated list of modern Android exploitation conference talks.

Corax for Java: A general static analysis framework for java code checking.

A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.

OWASP Machine Learning Security Top 10 Project

OWASP Project Developer Guide - Document and Project Web pages

No description

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.

I love to teach dotnet concepts in a simple way with real world examples to people who aspire to to be a dotnet developer. I also help developers to refresh their memory with easy to understand analog...

Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com

A industry-leading free, high-performance, AI and semantic technology web application and API security protection product - uuWAF. 一款工业级免费、高性能、高扩展，支持AI和语义引擎的Web应用和API安全防护产品-南墙。Web应用防火墙、WAF、WAAP

Enterprise ready REST API microservice in golang

Utility that provides an API platform for validating, querying and managing BOM data

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission t...

Venom tests suite to validate an HTTP security response headers configuration against OSHP recommendation.

My personal collection of resources (mostly tools and training materials) for source code security audits.

Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects

🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware

vacuum is the worlds fastest OpenAPI 3, OpenAPI 2 / Swagger linter and quality analysis tool. Built in go, it tears through API specs faster than you can think. vacuum is compatible with Spectral rule...

Vulnerable app with examples showing how to not use secrets