Trending repositories for topic owasp
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towar...
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
A collection of hacking / penetration testing resources to make you better!
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
DevSecOps, ASPM, Vulnerability Management. All on one platform.
A industry-leading free, high-performance, AI and semantic technology web application and API security protection product - uuWAF. 一款工业级免费、高性能、高扩展,支持AI和语义引擎的Web应用和API安全防护产品-南墙。Web应用防火墙、WAF、WAAP
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +43 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, E...
Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towar...
I love to teach dotnet concepts in a simple way with real world examples to people who aspire to to be a dotnet developer. I also help developers to refresh their memory with easy to understand analog...
Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation
A industry-leading free, high-performance, AI and semantic technology web application and API security protection product - uuWAF. 一款工业级免费、高性能、高扩展,支持AI和语义引擎的Web应用和API安全防护产品-南墙。Web应用防火墙、WAF、WAAP
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +43 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, E...
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.
CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.
The Secure Coding Dojo is a platform for delivering secure coding knowledge.
Vulnerable app with examples showing how to not use secrets
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
A collection of hacking / penetration testing resources to make you better!
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towar...
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +43 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, E...
An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
A industry-leading free, high-performance, AI and semantic technology web application and API security protection product - uuWAF. 一款工业级免费、高性能、高扩展,支持AI和语义引擎的Web应用和API安全防护产品-南墙。Web应用防火墙、WAF、WAAP
DevSecOps, ASPM, Vulnerability Management. All on one platform.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towar...
CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +43 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, E...
DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.
Create CycloneDX Software Bill of Materials (SBOM) from Node.js NPM projects.
CycloneDX SBOM Model and Utils for Creating and Validating BOMs
A industry-leading free, high-performance, AI and semantic technology web application and API security protection product - uuWAF. 一款工业级免费、高性能、高扩展,支持AI和语义引擎的Web应用和API安全防护产品-南墙。Web应用防火墙、WAF、WAAP
Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com
I love to teach dotnet concepts in a simple way with real world examples to people who aspire to to be a dotnet developer. I also help developers to refresh their memory with easy to understand analog...
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
🔓A curated list of modern Android exploitation conference talks.
CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments
Easily improve the security of your web applications with aws firewall factory. Protect your valuable assets with seamless WAF deployment, updates, and staging, all efficiently managed centrally with ...
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission t...
Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
A collection of hacking / penetration testing resources to make you better!
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +43 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, E...
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
DevSecOps, ASPM, Vulnerability Management. All on one platform.
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towar...
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support
本项目通过大模型联动爬虫,检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目,并自动识别项目的目录结构、Readme信息后进行总结分析并分类,所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +43 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, E...
Utility that provides an API platform for validating, querying and managing BOM data
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towar...
A industry-leading free, high-performance, AI and semantic technology web application and API security protection product - uuWAF. 一款工业级免费、高性能、高扩展,支持AI和语义引擎的Web应用和API安全防护产品-南墙。Web应用防火墙、WAF、WAAP
This repository is a dockerized PHP application containing some file upload vulnerability challenges (scenarios).
OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens
I love to teach dotnet concepts in a simple way with real world examples to people who aspire to to be a dotnet developer. I also help developers to refresh their memory with easy to understand analog...
vacuum is the worlds fastest OpenAPI 3, OpenAPI 2 / Swagger linter and quality analysis tool. Built in go, it tears through API specs faster than you can think. vacuum is compatible with Spectral rule...
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission t...
Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
OWASP Project Developer Guide - Document and Project Web pages
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +43 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, E...
🔓A curated list of modern Android exploitation conference talks.
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towar...
Corax for Java: A general static analysis framework for java code checking.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the ...
本项目通过大模型联动爬虫,检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目,并自动识别项目的目录结构、Readme信息后进行总结分析并分类,所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。
CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
A collection of hacking / penetration testing resources to make you better!
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Vulnerable app with examples showing how to not use secrets
A curated list of resources for learning about application security
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +43 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, E...
🔓A curated list of modern Android exploitation conference talks.
Corax for Java: A general static analysis framework for java code checking.
A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.
OWASP Machine Learning Security Top 10 Project
OWASP Project Developer Guide - Document and Project Web pages
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
I love to teach dotnet concepts in a simple way with real world examples to people who aspire to to be a dotnet developer. I also help developers to refresh their memory with easy to understand analog...
Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com
A industry-leading free, high-performance, AI and semantic technology web application and API security protection product - uuWAF. 一款工业级免费、高性能、高扩展,支持AI和语义引擎的Web应用和API安全防护产品-南墙。Web应用防火墙、WAF、WAAP
Utility that provides an API platform for validating, querying and managing BOM data
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission t...
Venom tests suite to validate an HTTP security response headers configuration against OSHP recommendation.
My personal collection of resources (mostly tools and training materials) for source code security audits.
Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects
🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware
vacuum is the worlds fastest OpenAPI 3, OpenAPI 2 / Swagger linter and quality analysis tool. Built in go, it tears through API specs faster than you can think. vacuum is compatible with Spectral rule...
Vulnerable app with examples showing how to not use secrets