Topic: owasp Goto Github

👇 Here are 720 public repositories matching this topic...

0xradi / owasp-web-checklist
owasp,OWASP Web Application Security Testing Checklist
User: 0xradi
owasp security security-tools security-vulnerability bugbounty testing checklist

1n3 / blackwidow
owasp,A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
User: 1n3
Home Page: https://sn1persecurity.com
active application automated bugbounty csrf fuzzer lfi osint owasp passive python rce rfi scan scanner spider sqli vulnerability web xss

appsecco / dvna
owasp,Damn Vulnerable NodeJS Application
Organization: appsecco
nodejs dvna vulnerable-apps vulnerable security owasp-top-10 owasp hack testing

baroshem / nuxt-security
owasp,🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware
User: baroshem
Home Page: https://nuxt-security.vercel.app/
module nuxt owasp security vue basic-authentication cors rate-limiting xss csrf

bearer / bearer
owasp,Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Organization: bearer
Home Page: https://docs.bearer.com
appsec compliance devsecops devsecops-tools security security-tools dataflow gdpr privacy sast static-code-analysis vulnerability security-audit security-scanner vulnerabilities code-quality static-analysis security-automation owasp

corazawaf / coraza
owasp,OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
Organization: corazawaf
Home Page: https://www.coraza.io
coraza waf coraza-waf owasp-crs modsecurity coreruleset owasp golang go http web-application-firewall hacktoberfest

coreruleset / coreruleset
owasp,OWASP CRS (Official Repository)
Organization: coreruleset
Home Page: https://coreruleset.org
security ruleset owasp crs

cossacklabs / themis
owasp,Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
Organization: cossacklabs
Home Page: https://www.cossacklabs.com/themis
cryptography-library cryptography security golang ios swift objective-c python ruby php java javascript authentication secure-messenger secure-storage encryption symmetric-cryptography asymmetric-cryptography rust owasp

cyber-buddy / apkhunt
owasp,APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.
User: cyber-buddy
android-security apkhunt code-review information-security infosec masvs mobile-sec-android mstg owasp owasp-mobile-top penetration-testing pentest pentesting pentesting-tools sast secure-coding security security-tools static-analysis static-analyzer

defectdojo / django-defectdojo
owasp, DevSecOps, ASPM, Vulnerability Management. All on one platform.
Organization: defectdojo
Home Page: https://defectdojo.com
python vulnerability-databases django security owasp analytics vulnerability-management automation security-automation security-orchestration

dependencytrack / dependency-track
owasp,Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Organization: dependencytrack
Home Page: https://dependencytrack.org/
owasp appsec security bom vulnerabilities component-analysis nvd software-security software-composition-analysis sca

find-sec-bugs / find-sec-bugs
owasp,The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
Organization: find-sec-bugs
Home Page: https://find-sec-bugs.github.io/
findbugs java security-audit owasp taint-analysis code-analysis security bytecode cwe static-analysis

flipkart-incubator / astra
owasp,Automated Security Testing For REST API's
Organization: flipkart-incubator
security restapiautomation python owasp penetration-testing-framework postman-collection ci-cd sdlc penetration-testing security-automation

infoslack / awesome-web-hacking
owasp,A list of web application security
User: infoslack
penetration-testing web-hacking vulnerabilities scanner hacking hacking-tools metasploit web-security appsec owasp

intuitem / ciso-assistant-community
owasp,CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +54 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDFS-500, DORA, NIST AI RMF, 800-53, 800-171, CyFun, CJIS, AirCyber, NCSC, ECC, SCF and so much more
Organization: intuitem
Home Page: https://intuitem.com
cmmc compliance grc soc2 gdpr audit anssi iso27001 cis dora

juice-shop / juice-shop
owasp,OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Organization: juice-shop
Home Page: https://owasp-juice.shop
owasp javascript vulnerable hacking application-security owasp-top-10 owasp-top-ten pentesting vulnapp appsec

lirantal / awesome-nodejs-security
owasp,Awesome Node.js Security resources
User: lirantal
nodejs security cybersecurity web-security owasp vulnerabilities pentest infosec hacktoberfest

madhuakula / kubernetes-goat
owasp,Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
User: madhuakula
Home Page: https://madhuakula.com/kubernetes-goat
kubernetes vulnerable-app security hacking pentesting infrastructure cloud-security docker container kubernetes-goat

microcosm-cc / bluemonday
owasp,bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
Organization: microcosm-cc
Home Page: https://github.com/microcosm-cc/bluemonday
sanitization html security xss go owasp allowlist golang

mobsf / mobile-security-framework-mobsf
owasp,Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Organization: mobsf
Home Page: https://opensecurity.in
static-analysis dynamic-analysis mobsf android-security mobile-security windows-mobile-security ios-security api-testing web-security malware-analysis

openappsec / openappsec
owasp,open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
Organization: openappsec
Home Page: https://openappsec.io
api-security application-security kubernetes nginx web-application-firewall appsec devsecops kong rate-limiting security-tools

owasp-amass / amass
owasp,In-depth attack surface mapping and asset discovery
Organization: owasp-amass
Home Page: https://owasp.org/www-project-amass/
go dns subdomain enumeration recon osint osint-reconnaissance network-security owasp maltego attack-surfaces information-gathering golang

owasp / cheatsheetseries
owasp,The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Organization: owasp
Home Page: https://cheatsheetseries.owasp.org
application-security appsec best-practices cheatsheets code owasp security

owasp / crapi
owasp,completely ridiculous API (crAPI)
Organization: owasp
api apisecurity hacktoberfest owasp

owasp / devsecopsguideline
owasp,The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.
Organization: owasp
Home Page: https://owasp.org/www-project-devsecops-guideline/
devsecops owasp shift-left security

owasp / iotgoat
owasp, IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.
Organization: owasp
Home Page: https://owasp.org/www-project-internet-of-things/
iot-security-testing iot-security embedded-linux openwrt firmware firmware-security vulnerability-challenges owasp

owasp / joomscan
owasp,OWASP Joomla Vulnerability Scanner Project https://www.secologist.com/
Organization: owasp
Home Page: https://www.secologist.com/open-source-projects
owasp joomla joomla-cms joomscan vunerability scanner vulnerability-scanners exploit 0day

owasp / nettacker
owasp,Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
Organization: owasp
Home Page: https://owasp.org/www-project-nettacker/
python penetration-testing penetration-testing-framework owasp automation portscanner vulnerability-scanners information-gathering network-analysis bruteforce

owasp / owasp-masvs
owasp,The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
Organization: owasp
Home Page: https://mas.owasp.org/
masvs verification mobile security audit penetration-tests standard gitbook penetration-testing owasp

owasp / owasp-vwad
owasp,The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
Organization: owasp
Home Page: https://owasp.org/www-project-vulnerable-web-applications-directory/
appsec vulnerable-web-app vulnerable-web-application vulnerable owasp

owasp / threat-dragon
owasp,An open source threat modeling tool from OWASP
Organization: owasp
Home Page: https://owasp.org/www-project-threat-dragon/
threat-modeling sdlc owasp owasp-threat-dragon threat-dragon

owasp / wrongsecrets
owasp,Vulnerable app with examples showing how to not use secrets
Organization: owasp
Home Page: https://owasp.org/www-project-wrongsecrets/
hashicorp-vault terraform-aws java kubernetes secrets secrets-management vault devsecops security aws

owasp / wstg
owasp,The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Organization: owasp
Home Page: https://owasp.org/www-project-web-security-testing-guide/
best-practices guide owasp bugbounty penetration-testing pentesting application-security security hacktoberfest appsec

owasp / www-community
owasp,OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
Organization: owasp
Home Page: https://owasp.org/www-community/
owasp appsec community-project

owtf / owtf
owasp,Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
Organization: owtf
Home Page: https://medium.com/@owtf
security owasp owtf python pentest kali-linux framework web-application-security

paragonie / awesome-appsec
owasp,A curated list of resources for learning about application security
Organization: paragonie
Home Page: https://paragonie.com/projects
security-experts reading-list curated application-security security owasp

phongnguyend / practical.cleanarchitecture
owasp,Full-stack .Net 8 Clean Architecture (Microservices, Modular Monolith, Monolith), Blazor, Angular 18, React 18, Vue 3, BFF with YARP, Domain-Driven Design, CQRS, SOLID, Asp.Net Core Identity Custom Storage, OpenID Connect, Entity Framework Core, OpenTelemetry, SignalR, Hosted Services, Health Checks, Rate Limiting, Cloud Services (Azure, AWS, GCP).
User: phongnguyend
cqrs domain-driven-design clean-architecture oauth2 signalr docker azure aws rabbitmq kafka

roottusk / vapi
owasp,vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
User: roottusk
owasp api apitop10 owasp-top-10 owasp-top-ten vulnerable-application appsec appsec-tutorials bugbounty hacktoberfest

saeeddhqan / maryam
owasp,Maryam: Open-source Intelligence(OSINT) Framework
User: saeeddhqan
owasp osint reconnaissance search-engine social-network maryam

securecodebox / securecodebox
owasp,secureCodeBox (SCB) - continuous secure delivery out of the box
Organization: securecodebox
Home Page: https://www.secureCodeBox.io
security security-automation security-tools security-testing securecodebox devsecops kubernetes kubernetes-operator owasp owasp-zap

security-code-scan / security-code-scan
owasp,Vulnerability Patterns Detector for C# and VB.NET
Organization: security-code-scan
Home Page: https://security-code-scan.github.io
security static code analysis roslyn dotnet scan scanner analyzer owasp

stanislav-web / opendoor
owasp,OWASP WEB Directory Scanner
User: stanislav-web
Home Page: http://opendoor.readthedocs.io
dirscanner scanner owasp dir-scanner dir-search directories-scanner bruteforce pentest blackarch proxies

tcosolutions / betterscan
owasp,Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan
Organization: tcosolutions
Home Page: https://betterscan.io
sast code-quality code-quality-analyzer static-analysis static-code-analysis static-analyzers devsecops sonarqube compliance devops

urbanadventurer / whatweb
owasp,Next generation web scanner
User: urbanadventurer
Home Page: https://www.morningstarsecurity.com/research/whatweb
security web scanner ruby penetration-testing kali-linux owasp penetration-testing-tools penetration-test hacking

vitalysim / awesome-hacking-resources
owasp,A collection of hacking / penetration testing resources to make you better!
User: vitalysim
buffer-overflow ctf exploit hacking malware mitm owasp penetration-testing privilege-escalation privilege-escalation-linux reverse-engineering windows-privilege-escalation

wallarm / gotestwaf
owasp,An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
Organization: wallarm
Home Page: https://lab.wallarm.com/test-your-waf-before-hackers/
owasp api-security security bugbounty security-tools waf web-application-security web-application-firewall security-testing graphql-security

webpwnized / mutillidae
owasp,OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
User: webpwnized
security owasp owasp-top-10 cybersecurity training web application top 10 appsec

xalgord / massive-web-application-penetration-testing-bug-bounty-notes
owasp,
User: xalgord
bugbounty resources hacking owasp owasp-top-10 bug-bounty bugbountytips xalgord collection ethical-hacking

yeswehack / vulnerable-code-snippets
owasp,Twitter vulnerable snippets
Organization: yeswehack
bugbounty snippets vulnerable owasp code example-code web-application websecurity worst-practices code-analyze

zeyad-azima / offensive-resources
owasp,A Huge Learning Resources with Labs For Offensive Security Players
User: zeyad-azima
api infrastructure learning security mobile web hack hacking owasp cybersecurity