owasp

There are 73 repositories under owasp topic.

OWASP / CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
application-security appsec best-practices cheatsheets code owasp security
Language:Python 26680
Mobile-Security-Framework-MobSF
MobSF / Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
static-analysis dynamic-analysis mobsf android-security mobile-security windows-mobile-security ios-security api-testing web-security malware-analysis runtime-security devsecops apk rest cwe owasp mstg masvs mastg
Language:JavaScript 16415
vitalysim / Awesome-Hacking-Resources
A collection of hacking / penetration testing resources to make you better!
ctf hacking privilege-escalation reverse-engineering buffer-overflow penetration-testing owasp exploit malware windows-privilege-escalation privilege-escalation-linux mitm
14748
amass
owasp-amass / amass
In-depth attack surface mapping and asset discovery
go dns subdomain enumeration recon osint osint-reconnaissance network-security owasp maltego attack-surfaces information-gathering golang
Language:Go 11265
juice-shop
juice-shop / juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
owasp javascript vulnerable hacking application-security owasp-top-10 owasp-top-ten pentesting vulnapp appsec ctf hacktoberfest 24pullrequests security
Language:TypeScript 9614
wstg
OWASP / wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
best-practices guide owasp bugbounty penetration-testing pentesting application-security security hacktoberfest appsec hacking
Language:Dockerfile 6757
paragonie / awesome-appsec
A curated list of resources for learning about application security
security-experts reading-list curated application-security security owasp
Language:PHP 6123
infoslack / awesome-web-hacking
A list of web application security
penetration-testing web-hacking vulnerabilities scanner hacking hacking-tools metasploit web-security appsec owasp pentesting security vulnerability
5454
urbanadventurer / WhatWeb
Next generation web scanner
security web scanner ruby penetration-testing kali-linux owasp penetration-testing-tools penetration-test hacking hacking-tools network-security recon appsec application-security pentesting pentesting-tools pentest web-hacking security-tools
Language:Ruby 5128
kubernetes-goat
madhuakula / kubernetes-goat
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
kubernetes vulnerable-app security hacking pentesting infrastructure cloud-security docker container kubernetes-goat devsecops cloudsecurity kubernetes-security container-security owasp cloud-native k8s blueteam redteam
Language:HTML 3995
DefectDojo / django-DefectDojo
DevSecOps, ASPM, Vulnerability Management. All on one platform.
analytics appsec automation devsecops django hacktoberfest kubernetes owasp python security security-automation security-orchestration vulnerability-correlation vulnerability-databases vulnerability-management
Language:HTML 3427
microcosm-cc / bluemonday
bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
sanitization html security xss go owasp allowlist golang
Language:Go 2991
OWASP / Nettacker
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
python penetration-testing penetration-testing-framework owasp automation portscanner vulnerability-scanners information-gathering network-analysis bruteforce security security-tools scanner pentesting cve cves hacking-tools pentesting-tools vulnerability-scanner vulnerability-management
Language:Python 2981
awesome-nodejs-security
lirantal / awesome-nodejs-security
Awesome Node.js Security resources
nodejs security cybersecurity web-security owasp vulnerabilities pentest infosec hacktoberfest
2583
flipkart-incubator / Astra
Automated Security Testing For REST API's
security restapiautomation python owasp penetration-testing-framework postman-collection ci-cd sdlc penetration-testing security-automation
Language:Python 2430
dependency-track
DependencyTrack / dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
owasp appsec security bom vulnerabilities component-analysis nvd software-security software-composition-analysis sca bill-of-materials vulndb package-url purl vulnerability-detection ossindex sbom devsecops security-automation cyclonedx
Language:Java 2355
find-sec-bugs
find-sec-bugs / find-sec-bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
findbugs java security-audit owasp taint-analysis code-analysis security bytecode cwe static-analysis hacktoberfest
Language:Java 2209
coreruleset / coreruleset
OWASP CRS (Official Repository)
security ruleset owasp crs
Language:Python 1976
OWASP / owasp-masvs
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
masvs verification mobile security audit penetration-tests standard gitbook penetration-testing owasp security-audit security-standards mstg ios-app android-app mastg
Language:Python 1946
phongnguyend / Practical.CleanArchitecture
Full-stack .Net 8 Clean Architecture (Microservices, Modular Monolith, Monolith), Blazor, Angular 17, React 18, Vue 3, BFF with YARP, Domain-Driven Design, CQRS, SOLID, Asp.Net Core Identity Custom Storage, OpenID Connect, Entity Framework Core, Selenium, SignalR, Hosted Services, Health Checks, Rate Limiting, Cloud Services (Azure, AWS, Google)...
cqrs domain-driven-design clean-architecture oauth2 signalr docker azure aws rabbitmq kafka blazor kubernetes microservices angular reactjs vuejs devops opentelemetry owasp
Language:C# 1930
coraza
corazawaf / coraza
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
coraza waf coraza-waf owasp-crs modsecurity coreruleset owasp golang go http web-application-firewall hacktoberfest
Language:Go 1853
themis
cossacklabs / themis
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
cryptography-library cryptography security golang ios swift objective-c python ruby php java javascript authentication secure-messenger secure-storage encryption symmetric-cryptography asymmetric-cryptography rust owasp
Language:C 1813
bearer
Bearer / bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
appsec compliance devsecops devsecops-tools security security-tools dataflow gdpr privacy sast static-code-analysis vulnerability security-audit security-scanner vulnerabilities code-quality static-analysis security-automation owasp
Language:Go 1772
owtf / owtf
Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
security owasp owtf python pentest kali-linux framework web-application-security
Language:Python 1763
0xRadi / OWASP-Web-Checklist
OWASP Web Application Security Testing Checklist
owasp security security-tools security-vulnerability bugbounty testing checklist
1549
1N3 / BlackWidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
web application scanner osint fuzzer owasp vulnerability python spider passive active sqli xss lfi rfi rce csrf automated scan bugbounty
Language:Python 1460
wallarm / gotestwaf
An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
owasp api-security security bugbounty security-tools waf web-application-security web-application-firewall security-testing graphql-security grpc-security rest-security
Language:Go 1419
xalgord / Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes
bugbounty resources hacking owasp owasp-top-10 bug-bounty bugbountytips xalgord collection ethical-hacking
1192
webpwnized / mutillidae
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
security owasp owasp-top-10 cybersecurity training web application top 10 appsec penetration-testing
Language:PHP 1182
OWASP / wrongsecrets
Vulnerable app with examples showing how to not use secrets
hashicorp-vault terraform-aws java kubernetes secrets secrets-management vault devsecops security aws gcp terraform-gcp azure terraform-azure ctf vulnerable-web-app docker keepass owasp
Language:Java 1155
vapi
roottusk / vapi
vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
owasp api apitop10 owasp-top-10 owasp-top-ten vulnerable-application appsec appsec-tutorials bugbounty hacktoberfest docker cors php postman hacktoberfest-accepted exercises
Language:HTML 1116
OWASP / www-community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
owasp appsec community-project
Language:HTML 1026
OWASP / joomscan
OWASP Joomla Vulnerability Scanner Project https://www.secologist.com/
owasp joomla joomla-cms joomscan vunerability scanner vulnerability-scanners exploit 0day
Language:Raku 1020
OWASP / crAPI
completely ridiculous API (crAPI)
api apisecurity hacktoberfest owasp
Language:Java 978
Maryam
saeeddhqan / Maryam
Maryam: Open-source Intelligence(OSINT) Framework
owasp osint reconnaissance search-engine social-network maryam
Language:Python 944
security-code-scan / security-code-scan
Vulnerability Patterns Detector for C# and VB.NET
security static code analysis roslyn dotnet scan scanner analyzer owasp static-analysis static-code-analysis
Language:C# 920