application-security
There are 46 repositories under application-security topic.
OWASP / CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Language:Python 26682- juice-shop
juice-shop / juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Language:TypeScript 9615 - wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Language:Dockerfile 6757 paragonie / awesome-appsec
A curated list of resources for learning about application security
Language:PHP 6123urbanadventurer / WhatWeb
Next generation web scanner
Language:Ruby 5128jassics / security-study-plan
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
payloadbox / command-injection-payload-list
🎯 Command Injection Payload List
ComplianceAsCode / content
Security automation content in SCAP, Bash, Ansible, and other formats
Language:Shell 2093s4n7h0 / xvwa
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
Language:PHP 1663metlo-labs / metlo
Metlo is an open-source API security platform.
Language:TypeScript 1568- learn365
harsh-bothra / learn365
This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.
- awesome-devsecops
TaptuIT / awesome-devsecops
Curating the best DevSecOps resources and tooling.
Janusec / janusec
JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关,提供安全的接入,包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。
Language:Go 1109guardrailsio / awesome-php-security
Awesome PHP Security Resources 🕶🐘🔐
- breaking-and-pwning-apps-and-servers-aws-azure-training
appsecco / breaking-and-pwning-apps-and-servers-aws-azure-training
Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!
Language:CSS 918 Quitten / Autorize
Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests
Language:Python 887olacabs / jackhammer
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
security-vulnerability-assessmentvulnerability-managementstatic-code-analysismobile-securitywebappsecwordpress-securitynetwork-securitysecurity-scannersecuritydynamic-analysissource-code-analysispenetration-testingpenetration-testing-frameworkapplication-securityvulnerability-scannersvulnerability-scanningvulnerability-assessmentLanguage:Java 716wallarm / awesome-nginx-security
🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)
openappsec / openappsec
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
Language:C++ 683Anof-cyber / Application-Security
Resources for Application Security including Web, API, Android, iOS and Thick Client
rewanthtammana / Damn-Vulnerable-Bank
Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
Language:Java 610security-prince / Application-Security-Engineer-Interview-Questions
Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
brcyrr / PracticalCyberSecurityResources
This repository contains a curated list of resources I suggest on LinkedIn and Twitter.📝🌝
MattKeeley / Spoofy
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
Language:Python 545- Awesome-Android-Reverse-Engineering
user1342 / Awesome-Android-Reverse-Engineering
A curated list of awesome Android Reverse Engineering training, resources, and tools.
- uuWAF
Safe3 / uuWAF
A industry-leading free, high-performance, AI and semantic technology web application and API security protection product - uuWAF. 一款工业级免费、高性能、高扩展,支持AI和语义引擎的Web应用和API安全防护产品-南墙。Web应用防火墙、WAF、WAAP
Language:C 515 🎯 RFI/LFI Payload List
Cy-clon3 / awesome-ios-security
A curated list of awesome iOS application security resources.
- Language:PHP 419
SmileZXLee / ZXHookDetection
【iOS应用安全、安全攻防】hook及越狱的基本防护与检测(动态库注入检测、hook检测与防护、越狱检测、签名校验、IDA反编译分析加密协议Demo);【数据传输安全】浅谈http、https与数据加密
Language:Objective-C 419lukeFalsina / Grab-n-Run
Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.
Language:Java 415flipkart-incubator / watchdog
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Language:Python 407- juice-shop-ctf
Tool to export Juice Shop challenges and hints in data format compatible with CTFd, RootTheBox or FBCTF
Language:JavaScript 395
