application-security
There are 290 repositories under the application-security topic.
OWASP/CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
chaitin/SafeLine
SafeLine is a self-hosted WAF (Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
juice-shop/juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
OWASP/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
paragonie/awesome-appsec
A curated list of resources for learning about application security
urbanadventurer/WhatWeb
Next generation web scanner
jassics/security-study-plan
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
payloadbox/command-injection-payload-list
🎯 Command Injection Payload List
ComplianceAsCode/content
Security automation content in SCAP, Bash, Ansible, and other formats
s4n7h0/xvwa
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
metlo-labs/metlo
Metlo is an open-source API security platform.
harsh-bothra/learn365
This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.
JakobTheDev/awesome-devsecops
Curating the best DevSecOps resources and tooling.
openappsec/openappsec
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
m14r41/PentestingEverything
Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...
user1342/Awesome-Android-Reverse-Engineering
A curated list of awesome Android Reverse Engineering training, resources, and tools.
Janusec/janusec
JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc.
sh4hin/Androl4b
A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
Quitten/Autorize
Automatic authorization enforcement detection extension for Burp Suite, written in Jython, developed by Barak Tawily in order to ease the work of application security people and allow them to perform automatic authorization tests
Safe3/uuWAF
An industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.
PhonePe/mantis
Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.
guardrailsio/awesome-php-security
Awesome PHP Security Resources 🕶🐘🔐
bloodzer0/ossa
Open-Source Security Architecture
appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training
Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!
wallarm/awesome-nginx-security
🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingress Controller (based on NGINX)
olacabs/jackhammer
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
rewanthtammana/Damn-Vulnerable-Bank
Damn Vulnerable Bank is designed to be an intentionally vulnerable Android application. This provides an interface to assess your Android application security hacking skills.
MattKeeley/Spoofy
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
Anof-cyber/Application-Security
Resources for Application Security including Web, API, Android, iOS and Thick Client
security-prince/Application-Security-Engineer-Interview-Questions
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but I felt these questions were important to be asked and some were challenging to answer
brcyrr/PracticalCyberSecurityResources
This repository contains a curated list of resources I suggest on LinkedIn and Twitter.📝🌝
payloadbox/rfi-lfi-payload-list
🎯 RFI/LFI Payload List
factionsecurity/faction
Pen Test Report Generation and Assessment Collaboration
Cy-clon3/awesome-ios-security
A curated list of awesome iOS application security resources.
enkomio/Taipan
Web application vulnerability scanner
SmileZXLee/ZXHookDetection
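[iOS application security, attack and defense] Basic protection against and detection of hooking and jailbreaking (dynamic library injection detection, hook detection and protection, jailbreak detection, signature verification, assembly analysis, demo of analyzing an encrypted protocol with IDA decompilation); [Data transmission security] A brief discussion of HTTP, HTTPS and data encryption; code encryption and obfuscation; anti-packet-capture and HTTP-DNS solutions to prevent DNS hijacking, etc.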