67 Open Source Appsec Software Projects
Free and open source appsec code projects including engines, APIs, generators, and tools.
Cheatsheetseries 13836 ⭐
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Juice Shop 3847 ⭐
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
W3af 3351 ⭐
w3af: web application attack and audit framework, the open source web vulnerability scanner.
Wstg 1661 ⭐
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Numirias Security 830 ⭐
Some of my security stuff and vulnerabilities. Nothing advanced. More to come.
Kamus 655 ⭐
An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications
Dependency Track 613 ⭐
Dependency-Track is an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.
Owasp Vwad 422 ⭐
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
Race The Web 329 ⭐
Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
Www Community 266 ⭐
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
Application Security Engineer Interview Questions 221 ⭐
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but I felt these questions were important to be asked and some were challenging to answer.
Awesome Threat Modelling 214 ⭐
A curated list of threat modeling resources (books, courses (free and paid), videos, tools, tutorials and workshops to practice on) for learning threat modeling and the initial phases of security review.
Sbt Dependency Check 176 ⭐
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs).
Kurukshetra 129 ⭐
Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.
Bag Of Holding 112 ⭐
An application to assist in the organization and prioritization of software security activities.
Securityrat 109 ⭐
OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development
Dvfaas Damn Vulnerable Functions As A Service 87 ⭐
Intentionally Vulnerable Serverless Functions to understand the specifics of Serverless Security Vulnerabilities
Dependency Check Plugin 85 ⭐
Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).
Njsscan 86 ⭐
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Resources For Application Security 54 ⭐
Some good resources for getting started with application security
Jwtweak 47 ⭐
Detects the algorithm of the input JWT token and provides options to generate a new JWT token based on the user-selected algorithm.
Softrams Bulwark 58 ⭐
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Reapsaw 33 ⭐
Reapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.
Appsec Education 35 ⭐
Presentations, training modules, and other education materials from Duo Security's Application Security team.
Ukraine Infosec Conferences 33 ⭐
Announcements, programs and an archive of materials from Ukrainian cybersecurity conferences.
Sqlinjection Training App 31 ⭐
A simple PHP application to learn SQL Injection detection and exploitation techniques.
Zap Mini Workshop 26 ⭐
Interactive IPython Notebook to demonstrate OWASP ZAP's API and Scripting Functions - OWASP ZAP 2.8.0
Awesome Frontend Security 25 ⭐
☔️ A curated list of tools, articles & resources to help take your frontend security to the next level. Feel free to contribute!
Cryptonice 25 ⭐
CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration and supporting protocols such as HTTP2 and DNS.
Www Project Vulnerable Web Applications Directory 10 ⭐
The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site
Web Methodology 117 ⭐
Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki