There are 45 repositories under the appsec topic.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Web path scanner
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
A list of web application security
Next generation web scanner
w3af: web application attack and audit framework, the open source web vulnerability scanner.
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
DevSecOps, ASPM, Vulnerability Management. All on one platform.
8 Lessons, Kick-start Your Cybersecurity Learning.
An OOB interaction gathering server and client library
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and the initial phases of security review.
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs, etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependencies. CI and Git friendly.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
Resources for Application Security including Web, API, Android, iOS and Thick Client
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list, but I felt these questions were important to be asked and some were challenging to answer.