conikeec

seeve

A set of vulnerable C code snippets (with mapped CVEs)

jackspoilt

Contextual Deserialization vulnerability that causes RCE - Remote Code Execution

explnode

An exploitable nodejs application

springboot-security

An spring boot based application leveraging spring security features

ollama_aws

Playbook to deploy Ollama in AWS

easy_rust_md

A port of David MacLeod's book to mdbook

sunburst-analysis

Analysis of SunBurst (SolarWinds) embedded backdoor

tarpit

A damn vulnerable application to showcase Ocular's capability

Benchmark

OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually exploitable, it’s a fair test for any kind of vulnerability detection tool. For more details on this project, please see the OWASP Benchmark Project home page.

bounty-targets-data

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

CVE-2017-5645

CVE-2017-5645 - Apache Log4j RCE due Insecure Deserialization

devops-demo-code-scanning

NodeJS project with ZipSlip vulnerability

DIVA

The Demandware Intentionally Vulnerable WebApp is a teaching tool to help those interested in security test their skills on increasingly tough challenges

DVWA

Damn Vulnerable Web Application (DVWA)

git-flight-rules

Flight rules for git

HelloShiftLeft

helloshiftleftplay

vulnerable play app

java-sec-code

Java web common vulnerabilities and security code which is base on springboot and spring security

log4shell-scanner-rs

Scans the file system to find Log4Shell vulnerabilities.

log4shell-vulnerable-app

A Basic Java Application Vulnerable to the Log4Shell RCE

mdparser

A simple Markdown Parser

NodeGoat

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

shiftleft-csharp-demo

shiftleft-java-demo

shiftleft-js-demo

spring-security-registration

Just Announced - "Learn Spring Security OAuth":

SpringMvcPathVariable

Annotations based project for Threat Hunting

SpringMvcXSSFilter

Basic spring mvc with xss filter. only java config.

vercel-wasm-runtime

A template project for building high-performance, portable, and safe serverless functions in Vercel.