Trending repositories for topic owasp
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
A collection of hacking / penetration testing resources to make you better!
vacuum is the world's fastest OpenAPI 3, OpenAPI 2 / Swagger linter and quality analysis tool. Built in Go, it tears through API specs faster than you can think. vacuum is compatible with Spectral rule...
The OWASP DevSecOps Guideline can help us embed security as a part of the development pipeline.
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
DevSecOps, ASPM, Vulnerability Management. All on one platform.
The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.
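An industry-leading free, high-performance, AI and semantic technology web application firewall and API security protection product - UUSEC WAF. A free, industrial-grade, high-performance, highly extensible web application and API security protection product with AI and semantic engine support - 南墙. Web application firewall, WA...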
Mobile Reconnaissance Framework is a powerful, lightweight and platform-independent offensive mobile security tool designed to help hackers and developers identify and address sensitive information wi...
vacuum is the world's fastest OpenAPI 3, OpenAPI 2 / Swagger linter and quality analysis tool. Built in Go, it tears through API specs faster than you can think. vacuum is compatible with Spectral rule...
The OWASP DevSecOps Guideline can help us embed security as a part of the development pipeline.
The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.
A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and V...
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
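An industry-leading free, high-performance, AI and semantic technology web application firewall and API security protection product - UUSEC WAF. A free, industrial-grade, high-performance, highly extensible web application and API security protection product with AI and semantic engine support - 南墙. Web application firewall, WA...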
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
An open-source project in Golang to assess different API Security tools and WAF for detection logic and bypasses
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
vacuum is the world's fastest OpenAPI 3, OpenAPI 2 / Swagger linter and quality analysis tool. Built in Go, it tears through API specs faster than you can think. vacuum is compatible with Spectral rule...
A collection of hacking / penetration testing resources to make you better!
DevSecOps, ASPM, Vulnerability Management. All on one platform.
An open-source project in Golang to assess different API Security tools and WAF for detection logic and bypasses
Mobile Reconnaissance Framework is a powerful, lightweight and platform-independent offensive mobile security tool designed to help hackers and developers identify and address sensitive information wi...
A standard API specification for exchanging supply chain artifacts and intelligence
OpenShield is a new generation security layer for AI models
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
vacuum is the world's fastest OpenAPI 3, OpenAPI 2 / Swagger linter and quality analysis tool. Built in Go, it tears through API specs faster than you can think. vacuum is compatible with Spectral rule...
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
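The TangGo testing platform is a domestically developed, comprehensive testing platform designed and built by 无糖信息技术有限公司, drawing on years of hands-on penetration testing experience. It provides software testing and network security practitioners with powerful, easy-to-use testing tools and a multi-user collaborative working environment, and is mainly used for functional testing, security testing and security assessment of web sites.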
OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner.
Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and V...
Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
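An industry-leading free, high-performance, AI and semantic technology web application firewall and API security protection product - UUSEC WAF. A free, industrial-grade, high-performance, highly extensible web application and API security protection product with AI and semantic engine support - 南墙. Web application firewall, WA...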
A collection of hacking / penetration testing resources to make you better!
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
A curated list of resources for learning about application security
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets
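The TangGo testing platform is a domestically developed, comprehensive testing platform designed and built by 无糖信息技术有限公司, drawing on years of hands-on penetration testing experience. It provides software testing and network security practitioners with powerful, easy-to-use testing tools and a multi-user collaborative working environment, and is mainly used for functional testing, security testing and security assessment of web sites.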
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
A standard API specification for exchanging supply chain artifacts and intelligence
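This project couples a large language model with a crawler to search GitHub for all projects that hold valuable vulnerability information, vulnerability PoCs or rule information. It automatically identifies each project's directory structure and README, then summarizes, analyzes and classifies them. The collected projects can help security practitioners gather vulnerability information, PoC information, rules and so on.
An industry-leading free, high-performance, AI and semantic technology web application firewall and API security protection product - UUSEC WAF. A free, industrial-grade, high-performance, highly extensible web application and API security protection product with AI and semantic engine support - 南墙. Web application firewall, WA...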
OWASP Project Developer Guide - Document and Project Web pages
OpenShield is a new generation security layer for AI models
Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects
My personal collection of resources (mostly tools and training materials) for source code security audits.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)
libinjection is a Golang port of libinjection (https://github.com/client9/libinjection)
OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
vacuum is the world's fastest OpenAPI 3, OpenAPI 2 / Swagger linter and quality analysis tool. Built in Go, it tears through API specs faster than you can think. vacuum is compatible with Spectral rule...
Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets
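The TangGo testing platform is a domestically developed, comprehensive testing platform designed and built by 无糖信息技术有限公司, drawing on years of hands-on penetration testing experience. It provides software testing and network security practitioners with powerful, easy-to-use testing tools and a multi-user collaborative working environment, and is mainly used for functional testing, security testing and security assessment of web sites.
This project couples a large language model with a crawler to search GitHub for all projects that hold valuable vulnerability information, vulnerability PoCs or rule information. It automatically identifies each project's directory structure and README, then summarizes, analyzes and classifies them. The collected projects can help security practitioners gather vulnerability information, PoC information, rules and so on.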
CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support
OWASP Amass Docker Compose for setting up a full instance of the infrastructure
CVE-2024-27198 & CVE-2024-27199 PoC - RCE, Admin Account Creation, Enum Users, Server Information
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
A collection of hacking / penetration testing resources to make you better!
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
DevSecOps, ASPM, Vulnerability Management. All on one platform.
A curated list of resources for learning about application security
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towar...
😎 🔗 Awesome list about all kinds of resources for learning Ethical Hacking and Penetration Testing.
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towar...
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets
A standard API specification for exchanging supply chain artifacts and intelligence
Mobile Reconnaissance Framework is a powerful, lightweight and platform-independent offensive mobile security tool designed to help hackers and developers identify and address sensitive information wi...
OWASP Project Developer Guide - Document and Project Web pages
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
An industry-leading free, high-performance, AI and semantic technology web application firewall and API security protection product - UUSEC WAF. A free, industrial-grade, high-performance, highly extensible web application and API security protection product with AI and semantic engine support - 南墙. Web application firewall, WA...
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
My personal collection of resources (mostly tools and training materials) for source code security audits.
Utility that provides an API platform for validating, querying and managing BOM data
vacuum is the world's fastest OpenAPI 3, OpenAPI 2 / Swagger linter and quality analysis tool. Built in Go, it tears through API specs faster than you can think. vacuum is compatible with Spectral rule...
OWASP Machine Learning Security Top 10 Project
Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects