owasp

There are 72 repositories under owasp topic.

OWASP / CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
application-security appsec best-practices cheatsheets code owasp security
Language:Python 26650
Mobile-Security-Framework-MobSF
MobSF / Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
android-security api-testing apk cwe devsecops dynamic-analysis ios-security malware-analysis mastg masvs mobile-security mobsf mstg owasp rest runtime-security static-analysis web-security windows-mobile-security
Language:JavaScript 16379
vitalysim / Awesome-Hacking-Resources
A collection of hacking / penetration testing resources to make you better!
ctf hacking privilege-escalation reverse-engineering buffer-overflow penetration-testing owasp exploit malware windows-privilege-escalation privilege-escalation-linux mitm
14739
amass
owasp-amass / amass
In-depth attack surface mapping and asset discovery
go dns subdomain enumeration recon osint osint-reconnaissance network-security owasp maltego attack-surfaces information-gathering golang
Language:Go 11244
juice-shop
juice-shop / juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
24pullrequests application-security appsec ctf hacking hacktoberfest javascript owasp owasp-top-10 owasp-top-ten pentesting security vulnapp vulnerable
Language:TypeScript 9587
wstg
OWASP / wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
application-security appsec best-practices bugbounty guide hacking hacktoberfest owasp penetration-testing pentesting security
Language:Dockerfile 6730
paragonie / awesome-appsec
A curated list of resources for learning about application security
application-security curated owasp reading-list security security-experts
Language:PHP 6116
infoslack / awesome-web-hacking
A list of web application security
appsec hacking hacking-tools metasploit owasp penetration-testing pentesting scanner security vulnerabilities vulnerability web-hacking web-security
5445
urbanadventurer / WhatWeb
Next generation web scanner
application-security appsec hacking hacking-tools kali-linux network-security owasp penetration-test penetration-testing penetration-testing-tools pentest pentesting pentesting-tools recon ruby scanner security security-tools web web-hacking
Language:Ruby 5113
kubernetes-goat
madhuakula / kubernetes-goat
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
blueteam cloud-native cloud-security cloudsecurity container container-security devsecops docker hacking infrastructure k8s kubernetes kubernetes-goat kubernetes-security owasp pentesting redteam security vulnerable-app
Language:HTML 3972
DefectDojo / django-DefectDojo
DevSecOps, ASPM, Vulnerability Management. All on one platform.
python vulnerability-databases django security owasp analytics vulnerability-management automation security-automation security-orchestration devsecops vulnerability-correlation kubernetes hacktoberfest appsec
Language:HTML 3422
microcosm-cc / bluemonday
bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
allowlist go golang html owasp sanitization security xss
Language:Go 2987
OWASP / Nettacker
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
python penetration-testing penetration-testing-framework owasp automation portscanner vulnerability-scanners information-gathering network-analysis bruteforce security security-tools scanner pentesting cve cves hacking-tools pentesting-tools vulnerability-scanner vulnerability-management
Language:Python 2976
awesome-nodejs-security
lirantal / awesome-nodejs-security
Awesome Node.js Security resources
cybersecurity hacktoberfest infosec nodejs owasp pentest security vulnerabilities web-security
2575
flipkart-incubator / Astra
Automated Security Testing For REST API's
ci-cd owasp penetration-testing penetration-testing-framework postman-collection python restapiautomation sdlc security security-automation
Language:Python 2430
dependency-track
DependencyTrack / dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
owasp appsec security bom vulnerabilities component-analysis nvd software-security software-composition-analysis sca bill-of-materials vulndb package-url purl vulnerability-detection ossindex sbom devsecops security-automation cyclonedx
Language:Java 2347
find-sec-bugs
find-sec-bugs / find-sec-bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
findbugs java security-audit owasp taint-analysis code-analysis security bytecode cwe static-analysis hacktoberfest
Language:Java 2207
coreruleset / coreruleset
OWASP CRS (Official Repository)
crs owasp ruleset security
Language:Python 1973
OWASP / owasp-masvs
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
masvs verification mobile security audit penetration-tests standard gitbook penetration-testing owasp security-audit security-standards mstg ios-app android-app mastg
Language:Python 1945
phongnguyend / Practical.CleanArchitecture
Full-stack .Net 8 Clean Architecture (Microservices, Modular Monolith, Monolith), Blazor, Angular 17, React 18, Vue 3, BFF with YARP, Domain-Driven Design, CQRS, SOLID, Asp.Net Core Identity Custom Storage, OpenID Connect, Entity Framework Core, Selenium, SignalR, Hosted Services, Health Checks, Rate Limiting, Cloud Services (Azure, AWS, Google)...
cqrs domain-driven-design clean-architecture oauth2 signalr docker azure aws rabbitmq kafka blazor kubernetes microservices angular reactjs vuejs devops opentelemetry owasp
Language:C# 1923
coraza
corazawaf / coraza
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
coraza coraza-waf coreruleset go golang hacktoberfest http modsecurity owasp owasp-crs waf web-application-firewall
Language:Go 1844
themis
cossacklabs / themis
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
cryptography-library cryptography security golang ios swift objective-c python ruby php java javascript authentication secure-messenger secure-storage encryption symmetric-cryptography asymmetric-cryptography rust owasp
Language:C 1812
owtf / owtf
Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
framework kali-linux owasp owtf pentest python security web-application-security
Language:Python 1763
bearer
Bearer / bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
appsec compliance devsecops devsecops-tools security security-tools dataflow gdpr privacy sast static-code-analysis vulnerability security-audit security-scanner vulnerabilities code-quality static-analysis security-automation owasp
Language:Go 1759
0xRadi / OWASP-Web-Checklist
OWASP Web Application Security Testing Checklist
bugbounty checklist owasp security security-tools security-vulnerability testing
1537
1N3 / BlackWidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
active application automated bugbounty csrf fuzzer lfi osint owasp passive python rce rfi scan scanner spider sqli vulnerability web xss
Language:Python 1458
wallarm / gotestwaf
An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
api-security bugbounty graphql-security grpc-security owasp rest-security security security-testing security-tools waf web-application-firewall web-application-security
Language:Go 1414
xalgord / Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes
bugbounty resources hacking owasp owasp-top-10 bug-bounty bugbountytips xalgord collection ethical-hacking
1184
webpwnized / mutillidae
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
security owasp owasp-top-10 cybersecurity training web application top 10 appsec penetration-testing
Language:PHP 1179
OWASP / wrongsecrets
Vulnerable app with examples showing how to not use secrets
hashicorp-vault terraform-aws java kubernetes secrets secrets-management vault devsecops security aws gcp terraform-gcp azure terraform-azure ctf vulnerable-web-app docker keepass owasp
Language:Java 1150
vapi
roottusk / vapi
vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
owasp api apitop10 owasp-top-10 owasp-top-ten vulnerable-application appsec appsec-tutorials bugbounty hacktoberfest docker cors php postman hacktoberfest-accepted exercises
Language:HTML 1115
OWASP / www-community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
owasp appsec community-project
Language:HTML 1024
OWASP / joomscan
OWASP Joomla Vulnerability Scanner Project https://www.secologist.com/
0day exploit joomla joomla-cms joomscan owasp scanner vulnerability-scanners vunerability
Language:Raku 1017
OWASP / crAPI
completely ridiculous API (crAPI)
api apisecurity hacktoberfest owasp
Language:Java 973
Maryam
saeeddhqan / Maryam
Maryam: Open-source Intelligence(OSINT) Framework
maryam osint owasp reconnaissance search-engine social-network
Language:Python 940
security-code-scan / security-code-scan
Vulnerability Patterns Detector for C# and VB.NET
security static code analysis roslyn dotnet scan scanner analyzer owasp static-analysis static-code-analysis
Language:C# 919