0xEsky's Stars
Hack-with-Github/Awesome-Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
OWASP/CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
zaproxy/zaproxy
The ZAP by Checkmarx Core project
juice-shop/juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
OWASP/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
WebGoat/WebGoat
WebGoat is a deliberately insecure application
urbanadventurer/WhatWeb
Next generation web scanner
RhinoSecurityLabs/cloudgoat
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
hysnsec/awesome-threat-modelling
A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and the initial phases of security review.
OWASP/www-community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
OWASP/OWASP-VWAD
Warning: This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory
ShiftLeftSecurity/sast-scan
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependencies. CI and Git friendly.
thunder-app/thunder
Thunder - An open-source cross-platform Lemmy client for iOS and Android built with Flutter
security-prince/Application-Security-Engineer-Interview-Questions
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list, but I felt these questions were important to be asked and some were challenging to answer.
TheHackerDev/race-the-web
Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
payatu/Tiredful-API
An intentionally designed broken web application based on REST API.
OWASP/DVSA
A Damn Vulnerable Serverless Application
cr0hn/vulnerable-node
A very vulnerable web site written in NodeJS with the purpose of having a project with identified vulnerabilities to test the quality of security analyzer tools
OWASP/threat-model-cookbook
This project is about creating and publishing threat model examples.
SasanLabs/VulnerableApp
OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
HCL-TECH-SOFTWARE/AltoroJ
WARNING: This app contains security vulnerabilities. AltoroJ is a sample banking J2EE web application. It shows what happens when web applications are written with consideration of app functionality but not app security. It's a simple and uncluttered platform for demonstrating and learning more about real-life application security issues.
jerryhoff/WebGoat.NET
OWASP WebGoat.NET
softrams/bulwark
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
security-prince/Resources-for-Application-Security
Some good resources for getting started with application security
we45/DVFaaS-Damn-Vulnerable-Functions-as-a-Service
Intentionally Vulnerable Serverless Functions to understand the specifics of Serverless Security Vulnerabilities
duo-labs/appsec-education
Presentations, training modules, and other education materials from Duo Security's Application Security team.
rustcohlnikov/awesome-frontend-security
☔️ A curated list of tools, articles & resources to help take your frontend security to the next level. Feel free to contribute!
SecuringTheStack/tutorials
Additional Resources For Securing The Stack Tutorials