owasp

There are 75 repositories under owasp topic.

OWASP / CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
application-security appsec best-practices cheatsheets code owasp security
Language:Python 27634
Mobile-Security-Framework-MobSF
MobSF / Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
android-security api-testing apk cwe devsecops dynamic-analysis ios-security malware-analysis mastg masvs mobile-security mobsf mstg owasp rest runtime-security static-analysis web-security windows-mobile-security
Language:JavaScript 17117
vitalysim / Awesome-Hacking-Resources
A collection of hacking / penetration testing resources to make you better!
buffer-overflow ctf exploit hacking malware mitm owasp penetration-testing privilege-escalation privilege-escalation-linux reverse-engineering windows-privilege-escalation
15159
amass
owasp-amass / amass
In-depth attack surface mapping and asset discovery
attack-surfaces dns enumeration go golang information-gathering maltego network-security osint osint-reconnaissance owasp recon subdomain
Language:Go 11818
juice-shop
juice-shop / juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
24pullrequests application-security appsec ctf hacking hacktoberfest javascript owasp owasp-top-10 owasp-top-ten pentesting security vulnapp vulnerable
Language:TypeScript 10121
wstg
OWASP / wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
application-security appsec best-practices bugbounty guide hacking hacktoberfest owasp penetration-testing pentesting security
Language:Dockerfile 7124
paragonie / awesome-appsec
A curated list of resources for learning about application security
application-security curated owasp reading-list security security-experts
Language:PHP 6262
infoslack / awesome-web-hacking
A list of web application security
appsec hacking hacking-tools metasploit owasp penetration-testing pentesting scanner security vulnerabilities vulnerability web-hacking web-security
5736
urbanadventurer / WhatWeb
Next generation web scanner
security web scanner ruby penetration-testing kali-linux owasp penetration-testing-tools penetration-test hacking hacking-tools network-security recon appsec application-security pentesting pentesting-tools pentest web-hacking security-tools
Language:Ruby 5450
kubernetes-goat
madhuakula / kubernetes-goat
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
blueteam cloud-native cloud-security cloudsecurity container container-security devsecops docker hacking infrastructure k8s kubernetes kubernetes-goat kubernetes-security owasp pentesting redteam security vulnerable-app
Language:HTML 4232
DefectDojo / django-DefectDojo
DevSecOps, ASPM, Vulnerability Management. All on one platform.
analytics appsec automation devsecops django hacktoberfest kubernetes owasp python security security-automation security-orchestration vulnerability-correlation vulnerability-databases vulnerability-management
Language:HTML 3614
OWASP / Nettacker
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
automation bruteforce cve cves hacking-tools information-gathering network-analysis owasp penetration-testing penetration-testing-framework pentesting pentesting-tools portscanner python scanner security security-tools vulnerability-management vulnerability-scanner vulnerability-scanners
Language:Python 3333
microcosm-cc / bluemonday
bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
sanitization html security xss go owasp allowlist golang
Language:Go 3140
awesome-nodejs-security
lirantal / awesome-nodejs-security
Awesome Node.js Security resources
cybersecurity hacktoberfest infosec nodejs owasp pentest security vulnerabilities web-security
2704
dependency-track
DependencyTrack / dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
owasp appsec security bom vulnerabilities component-analysis nvd software-security software-composition-analysis sca bill-of-materials vulndb package-url purl vulnerability-detection ossindex sbom devsecops security-automation cyclonedx
Language:Java 2584
flipkart-incubator / Astra
Automated Security Testing For REST API's
security restapiautomation python owasp penetration-testing-framework postman-collection ci-cd sdlc penetration-testing security-automation
Language:Python 2485
husnainfareed / awesome-ethical-hacking-resources
😎 🔗 Awesome list about all kinds of resources for learning Ethical Hacking and Penetration Testing.
awesome awesome-list ctf ethical-hacking hacking hacking-resources hacktoberfest learning-hacking owasp penetration-testing resources vulnerable-applications web-hacking
2425
find-sec-bugs
find-sec-bugs / find-sec-bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
bytecode code-analysis cwe findbugs hacktoberfest java owasp security security-audit static-analysis taint-analysis
Language:Java 2261
coreruleset / coreruleset
OWASP CRS (Official Repository)
crs owasp ruleset security
Language:Python 2201
coraza
corazawaf / coraza
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
coraza coraza-waf coreruleset go golang hacktoberfest http modsecurity owasp owasp-crs waf web-application-firewall
Language:Go 2145
phongnguyend / Practical.CleanArchitecture
Full-stack .Net 8 Clean Architecture (Microservices, Modular Monolith, Monolith), Blazor, Angular 18, React 18, Vue 3, BFF with YARP, Domain-Driven Design, CQRS, SOLID, Asp.Net Core Identity Custom Storage, OpenID Connect, Entity Framework Core, OpenTelemetry, SignalR, Hosted Services, Health Checks, Rate Limiting, Cloud Services (Azure, AWS, GCP).
angular aws azure blazor clean-architecture cqrs devops docker domain-driven-design kafka kubernetes microservices oauth2 opentelemetry owasp rabbitmq reactjs signalr vuejs
Language:C# 2070
OWASP / owasp-masvs
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
masvs verification mobile security audit penetration-tests standard gitbook penetration-testing owasp security-audit security-standards mstg ios-app android-app mastg
Language:Python 2028
bearer
Bearer / bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
appsec code-quality compliance dataflow devsecops devsecops-tools gdpr owasp privacy sast security security-audit security-automation security-scanner security-tools static-analysis static-code-analysis vulnerabilities vulnerability
Language:Go 1947
themis
cossacklabs / themis
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
asymmetric-cryptography authentication cryptography cryptography-library encryption golang ios java javascript objective-c owasp php python ruby rust secure-messenger secure-storage security swift symmetric-cryptography
Language:C 1854
owtf / owtf
Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
framework kali-linux owasp owtf pentest python security web-application-security
Language:Python 1805
0xRadi / OWASP-Web-Checklist
OWASP Web Application Security Testing Checklist
bugbounty checklist owasp security security-tools security-vulnerability testing
1692
wallarm / gotestwaf
An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
owasp api-security security bugbounty security-tools waf web-application-security web-application-firewall security-testing graphql-security grpc-security rest-security
Language:Go 1526
1N3 / BlackWidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
active application automated bugbounty csrf fuzzer lfi osint owasp passive python rce rfi scan scanner spider sqli vulnerability web xss
Language:Python 1502
xalgord / Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes
bug-bounty bugbounty bugbountytips collection ethical-hacking hacking owasp owasp-top-10 resources xalgord
1245
webpwnized / mutillidae
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
security owasp owasp-top-10 cybersecurity training web application top 10 appsec penetration-testing
Language:PHP 1242
OWASP / wrongsecrets
Vulnerable app with examples showing how to not use secrets
hashicorp-vault terraform-aws java kubernetes secrets secrets-management vault devsecops security aws gcp terraform-gcp azure terraform-azure ctf vulnerable-web-app docker keepass owasp
Language:Java 1203
vapi
roottusk / vapi
vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
owasp api apitop10 owasp-top-10 owasp-top-ten vulnerable-application appsec appsec-tutorials bugbounty hacktoberfest docker cors php postman hacktoberfest-accepted exercises
Language:HTML 1154
OWASP / www-community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
appsec community-project owasp
Language:HTML 1094
OWASP / crAPI
completely ridiculous API (crAPI)
api apisecurity hacktoberfest owasp
Language:Java 1078
ciso-assistant-community
intuitem / ciso-assistant-community
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +57 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDFS-500, DORA, NIST AI RMF, 800-53, 800-171, CyFun, CJIS, AirCyber, NCSC, ECC, SCF and so much more
anssi audit bsi cis cjis cmmc compliance cybersecurity dora fedramp gdpr governance grc hipaa iso27001 nist owasp privacy risk-management soc2
Language:Python 1058
OWASP / joomscan
OWASP Joomla Vulnerability Scanner Project https://www.secologist.com/
0day exploit joomla joomla-cms joomscan owasp scanner vulnerability-scanners vunerability
Language:Raku 1058

owasp

OWASP / CheatSheetSeries

MobSF / Mobile-Security-Framework-MobSF

vitalysim / Awesome-Hacking-Resources

owasp-amass / amass

juice-shop / juice-shop

OWASP / wstg

paragonie / awesome-appsec

infoslack / awesome-web-hacking

urbanadventurer / WhatWeb

madhuakula / kubernetes-goat

DefectDojo / django-DefectDojo

OWASP / Nettacker

microcosm-cc / bluemonday

lirantal / awesome-nodejs-security

DependencyTrack / dependency-track

flipkart-incubator / Astra

husnainfareed / awesome-ethical-hacking-resources

find-sec-bugs / find-sec-bugs

coreruleset / coreruleset

corazawaf / coraza

phongnguyend / Practical.CleanArchitecture

OWASP / owasp-masvs

Bearer / bearer

cossacklabs / themis

owtf / owtf

0xRadi / OWASP-Web-Checklist

wallarm / gotestwaf

1N3 / BlackWidow

xalgord / Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes

webpwnized / mutillidae

OWASP / wrongsecrets

roottusk / vapi

OWASP / www-community

OWASP / crAPI

intuitem / ciso-assistant-community

OWASP / joomscan