appsec

There are 45 repositories under appsec topic.

OWASP / CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
application-security appsec best-practices cheatsheets code owasp security
Language:Python 26462
zaproxy / zaproxy
The ZAP core project
zap zap-development dast appsec zaproxy security security-scanner hacktoberfest
Language:Java 11966
maurosoria / dirsearch
Web path scanner
fuzzer fuzzing python security dirsearch hacking pentesting penetration-testing bug-bounty appsec wordlist hacking-tool infosec brute scanner bugbounty enumeration pentest-tool red-teaming redteam
Language:Python 11212
juice-shop
juice-shop / juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
owasp javascript vulnerable hacking application-security owasp-top-10 owasp-top-ten pentesting vulnapp appsec ctf hacktoberfest 24pullrequests security
Language:TypeScript 9498
wstg
OWASP / wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
best-practices guide owasp bugbounty penetration-testing pentesting application-security security hacktoberfest appsec hacking
Language:Dockerfile 6657
infoslack / awesome-web-hacking
A list of web application security
penetration-testing web-hacking vulnerabilities scanner hacking hacking-tools metasploit web-security appsec owasp pentesting security vulnerability
5428
urbanadventurer / WhatWeb
Next generation web scanner
application-security appsec hacking hacking-tools kali-linux network-security owasp penetration-test penetration-testing penetration-testing-tools pentest pentesting pentesting-tools recon ruby scanner security security-tools web web-hacking
Language:Ruby 5091
OWASP / Go-SCP
Golang Secure Coding Practices guide
appsec golang
Language:Go 4704
infobyte / faraday
Open Source Vulnerability Management Platform
devops penetration-testing vulnerability vulnerability-scanners security security-audit pentesting continuous-scanning infosec vulnerability-management collaboration burpsuite nessus nmap devsecops security-automation orchestration cve appsec cybersecurity
Language:Python 4601
andresriancho / w3af
w3af: web application attack and audit framework, the open source web vulnerability scanner.
appsec cross-site-scripting scanner security sql-injection
Language:Python 4443
jassics / security-study-plan
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
aws-security study-guide study-plan appsec appsec-tutorials azure-security devsecops-university gcp-security pentesting application-security cybersecurity cybersecurity-education infosec security-testing study-planner api-security
4104
foospidy / payloads
Git All the Payloads! A collection of web attack payloads.
payload payloads xss sqli web-attack-payloads passwords pentest hacking appsec cybersecurity
Language:Shell 3515
DefectDojo / django-DefectDojo
DevSecOps, ASPM, Vulnerability Management. All on one platform.
python vulnerability-databases django security owasp analytics vulnerability-management automation security-automation security-orchestration devsecops vulnerability-correlation kubernetes hacktoberfest appsec
Language:HTML 3380
Security-101
microsoft / Security-101
8 Lessons, Kick-start Your Cybersecurity Learning.
appsec cia-triad data-protection data-security iam identity risk-management secops security threat-modeling zero-trust
3238
projectdiscovery / interactsh
An OOB interaction gathering server and client library
appsec oast dns security http smtp ldap oob bugbounty golang
Language:Go 3082
dependency-track
DependencyTrack / dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
owasp appsec security bom vulnerabilities component-analysis nvd software-security software-composition-analysis sca bill-of-materials vulndb package-url purl vulnerability-detection ossindex sbom devsecops security-automation cyclonedx
Language:Java 2316
ziti
openziti / ziti
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
appsec golang mesh netsec network networking overlay overlay-network secure-networking vpn vpn-2 zero-trust zero-trust-cloud zero-trust-network zero-trust-network-access zero-trust-security zerotrust ztaa ztha ztna
Language:Go 2037
Checkmarx / kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
appsec cloudnative devsecops golang hacktoberfest iac infrastructure-as-code open-policy-agent security security-tools vulnerability-detection vulnerability-scanners
Language:Open Policy Agent 1887
cicd-goat
cider-security-research / cicd-goat
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
appsec cicd devops infosec devsecops security jenkins ctf gitlab
Language:Python 1806
bearer
Bearer / bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
appsec compliance devsecops devsecops-tools security security-tools dataflow gdpr privacy sast static-code-analysis vulnerability security-audit security-scanner vulnerabilities code-quality static-analysis security-automation owasp
Language:Go 1726
summitt / Nope-Proxy
TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
appsec appsecurity burp-extensions burp-plugin burpsuite burpsuite-extender hacking mitmproxy pentesting protobuf proxy tcp tcpproxy udp websockets updproxy
Language:Java 1503
awesome-threat-modelling
hysnsec / awesome-threat-modelling
A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
threat-modeling practical-devsecops security-review devsecops-university appsec devsecops awesome awesome-list
Language:Dockerfile 1243
webpwnized / mutillidae
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
security owasp owasp-top-10 cybersecurity training web application top 10 appsec penetration-testing
Language:PHP 1170
httpvoid / writeups
appsec security security-vulnerability
1155
vapi
roottusk / vapi
vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
owasp api apitop10 owasp-top-10 owasp-top-ten vulnerable-application appsec appsec-tutorials bugbounty hacktoberfest docker cors php postman hacktoberfest-accepted exercises
Language:HTML 1105
OWASP / www-community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
appsec community-project owasp
Language:HTML 1014
Soluto / kamus
An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications
kubernetes-secrets appsec gitops devops kubernetes kms soluto-open-source
Language:C# 913
ayoubfathi / leaky-paths
A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
fuzzing recon bugbounty pentest security security-tools nuclei dirsearch ffuf dirbuster appsec penetration-testing redteam redteaming wordlist axiom meg subfinder wayback-machine hacktoberfest
886
numirias / security
Some of my security stuff and vulnerabilities. Nothing advanced. More to come.
appsec pentesting security
866
OWASP / railsgoat
A vulnerable version of Rails that follows the OWASP Top 10
appsec owasp-top rails ruby ruby-on-rails security vulnerabilities
Language:HTML 852
OWASP / OWASP-VWAD
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
appsec vulnerable-web-app vulnerable-web-application vulnerable owasp
820
zaproxy / zap-extensions
ZAP Add-ons
zap zaproxy dast appsec security security-scanner hacktoberfest
Language:Java 797
ShiftLeftSecurity / sast-scan
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
sast devsecops appsec license-scan dependency-scan workflow scanners
Language:Python 771
openappsec / openappsec
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
api-security application-security kubernetes nginx web-application-firewall appsec devsecops kong rate-limiting security-tools threat-prevention waf owasp owasp-top-ten nginx-proxy-manager
Language:C++ 651
Anof-cyber / Application-Security
Resources for Application Security including Web, API, Android, iOS and Thick Client
android application-security appsec bugbounty cybersecurity hacking infosec penetration-testing penetration-testing-notes pentesting security security-testing
628
security-prince / Application-Security-Engineer-Interview-Questions
Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
security-engineer-interview webappsec appsec devsecops infosec application-security vulnerability sdlc xss interview-questions security-team websecurity websec websecurity-reference security-engineering
604