appsec

There are 47 repositories under appsec topic.

OWASP / CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
owasp code security cheatsheets best-practices appsec application-security
Language:Python 26682
zaproxy / zaproxy
The ZAP core project
appsec dast hacktoberfest security security-scanner zap zap-development zaproxy
Language:Java 12057
maurosoria / dirsearch
Web path scanner
appsec brute bug-bounty bugbounty dirsearch enumeration fuzzer fuzzing hacking hacking-tool infosec penetration-testing pentest-tool pentesting python red-teaming redteam scanner security wordlist
Language:Python 11342
juice-shop
juice-shop / juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
24pullrequests application-security appsec ctf hacking hacktoberfest javascript owasp owasp-top-10 owasp-top-ten pentesting security vulnapp vulnerable
Language:TypeScript 9617
wstg
OWASP / wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
best-practices guide owasp bugbounty penetration-testing pentesting application-security security hacktoberfest appsec hacking
Language:Dockerfile 6757
infoslack / awesome-web-hacking
A list of web application security
penetration-testing web-hacking vulnerabilities scanner hacking hacking-tools metasploit web-security appsec owasp pentesting security vulnerability
5457
urbanadventurer / WhatWeb
Next generation web scanner
security web scanner ruby penetration-testing kali-linux owasp penetration-testing-tools penetration-test hacking hacking-tools network-security recon appsec application-security pentesting pentesting-tools pentest web-hacking security-tools
Language:Ruby 5128
OWASP / Go-SCP
Golang Secure Coding Practices guide
appsec golang
Language:Go 4738
infobyte / faraday
Open Source Vulnerability Management Platform
devops penetration-testing vulnerability vulnerability-scanners security security-audit pentesting continuous-scanning infosec vulnerability-management collaboration burpsuite nessus nmap devsecops security-automation orchestration cve appsec cybersecurity
Language:Python 4642
andresriancho / w3af
w3af: web application attack and audit framework, the open source web vulnerability scanner.
scanner security appsec cross-site-scripting sql-injection
Language:Python 4456
jassics / security-study-plan
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
aws-security study-guide study-plan appsec appsec-tutorials azure-security devsecops-university gcp-security pentesting application-security cybersecurity cybersecurity-education infosec security-testing study-planner api-security
4126
foospidy / payloads
Git All the Payloads! A collection of web attack payloads.
payload payloads xss sqli web-attack-payloads passwords pentest hacking appsec cybersecurity
Language:Shell 3534
DefectDojo / django-DefectDojo
DevSecOps, ASPM, Vulnerability Management. All on one platform.
analytics appsec automation devsecops django hacktoberfest kubernetes owasp python security security-automation security-orchestration vulnerability-correlation vulnerability-databases vulnerability-management
Language:HTML 3430
Security-101
microsoft / Security-101
8 Lessons, Kick-start Your Cybersecurity Learning.
appsec cia-triad data-protection data-security iam identity risk-management secops security threat-modeling zero-trust
3422
projectdiscovery / interactsh
An OOB interaction gathering server and client library
appsec oast dns security http smtp ldap oob bugbounty golang
Language:Go 3120
dependency-track
DependencyTrack / dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
owasp appsec security bom vulnerabilities component-analysis nvd software-security software-composition-analysis sca bill-of-materials vulndb package-url purl vulnerability-detection ossindex sbom devsecops security-automation cyclonedx
Language:Java 2355
ziti
openziti / ziti
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
networking vpn-2 appsec network zero-trust zero-trust-cloud zero-trust-network zero-trust-network-access zero-trust-security ztaa ztha ztna overlay overlay-network netsec vpn zerotrust mesh golang secure-networking
Language:Go 2137
Checkmarx / kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
iac infrastructure-as-code security appsec cloudnative hacktoberfest devsecops golang security-tools vulnerability-detection vulnerability-scanners open-policy-agent
Language:Open Policy Agent 1914
cicd-goat
cider-security-research / cicd-goat
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
appsec cicd devops infosec devsecops security jenkins ctf gitlab
Language:Python 1818
bearer
Bearer / bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
appsec compliance devsecops devsecops-tools security security-tools dataflow gdpr privacy sast static-code-analysis vulnerability security-audit security-scanner vulnerabilities code-quality static-analysis security-automation owasp
Language:Go 1772
summitt / Nope-Proxy
TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
appsec appsecurity burp-extensions burp-plugin burpsuite burpsuite-extender hacking mitmproxy pentesting protobuf proxy tcp tcpproxy udp websockets updproxy
Language:Java 1507
awesome-threat-modelling
hysnsec / awesome-threat-modelling
A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
threat-modeling practical-devsecops security-review devsecops-university appsec devsecops awesome awesome-list
Language:Dockerfile 1269
webpwnized / mutillidae
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
security owasp owasp-top-10 cybersecurity training web application top 10 appsec penetration-testing
Language:PHP 1182
httpvoid / writeups
appsec security security-vulnerability
1158
vapi
roottusk / vapi
vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
api apitop10 appsec appsec-tutorials bugbounty cors docker exercises hacktoberfest hacktoberfest-accepted owasp owasp-top-10 owasp-top-ten php postman vulnerable-application
Language:HTML 1116
OWASP / www-community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
owasp appsec community-project
Language:HTML 1026
Soluto / kamus
An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications
kubernetes-secrets appsec gitops devops kubernetes kms soluto-open-source
Language:C# 914
ayoubfathi / leaky-paths
A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
fuzzing recon bugbounty pentest security security-tools nuclei dirsearch ffuf dirbuster appsec penetration-testing redteam redteaming wordlist axiom meg subfinder wayback-machine hacktoberfest
893
numirias / security
Some of my security stuff and vulnerabilities. Nothing advanced. More to come.
security pentesting appsec
867
OWASP / railsgoat
A vulnerable version of Rails that follows the OWASP Top 10
rails security appsec ruby ruby-on-rails owasp-top vulnerabilities
Language:HTML 855
OWASP / OWASP-VWAD
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
appsec vulnerable-web-app vulnerable-web-application vulnerable owasp
826
zaproxy / zap-extensions
ZAP Add-ons
zap zaproxy dast appsec security security-scanner hacktoberfest
Language:Java 799
ShiftLeftSecurity / sast-scan
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
sast devsecops appsec license-scan dependency-scan workflow scanners
Language:Python 776
openappsec / openappsec
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
api-security application-security kubernetes nginx web-application-firewall appsec devsecops kong rate-limiting security-tools threat-prevention waf owasp owasp-top-ten nginx-proxy-manager
Language:C++ 683
Anof-cyber / Application-Security
Resources for Application Security including Web, API, Android, iOS and Thick Client
android application-security appsec bugbounty cybersecurity hacking infosec penetration-testing penetration-testing-notes pentesting security security-testing
634
security-prince / Application-Security-Engineer-Interview-Questions
Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
security-engineer-interview webappsec appsec devsecops infosec application-security vulnerability sdlc xss interview-questions security-team websecurity websec websecurity-reference security-engineering
608