appsec
There are 367 repositories under the appsec topic.
OWASP/CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
zaproxy/zaproxy
The ZAP core project
maurosoria/dirsearch
Web path scanner
juice-shop/juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
OWASP/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
infoslack/awesome-web-hacking
A list of web application security
urbanadventurer/WhatWeb
Next generation web scanner
OWASP/Go-SCP
Golang Secure Coding Practices guide
infobyte/faraday
Open Source Vulnerability Management Platform
andresriancho/w3af
w3af: web application attack and audit framework, the open source web vulnerability scanner.
jassics/security-study-plan
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
microsoft/Security-101
8 Lessons, Kick-start Your Cybersecurity Learning.
foospidy/payloads
Git All the Payloads! A collection of web attack payloads.
DefectDojo/django-DefectDojo
DevSecOps, ASPM, Vulnerability Management. All on one platform.
projectdiscovery/interactsh
An OOB interaction gathering server and client library
DependencyTrack/dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
openziti/ziti
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
Checkmarx/kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
cider-security-research/cicd-goat
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
Bearer/bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
summitt/Nope-Proxy
TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
hysnsec/awesome-threat-modelling
A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and initial phases of security review.
webpwnized/mutillidae
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
roottusk/vapi
vAPI is Vulnerable Adversely Programmed Interface, which is a Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
OWASP/www-community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
Soluto/kamus
An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications
ayoubfathi/leaky-paths
A collection of special paths linked to common sensitive APIs, devops internals, framework configs, known misconfigurations, juicy APIs, etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick wins.
numirias/security
Some of my security stuff and vulnerabilities. Nothing advanced. More to come.
OWASP/railsgoat
A vulnerable version of Rails that follows the OWASP Top 10
OWASP/OWASP-VWAD
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
zaproxy/zap-extensions
ZAP Add-ons
ShiftLeftSecurity/sast-scan
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependencies. CI and Git friendly.
zaproxy/community-scripts
A collection of ZAP scripts and tips provided by the community - pull requests very welcome!
openappsec/openappsec
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Applications & APIs. This repo includes the main code and logic.
Anof-cyber/Application-Security
Resources for Application Security including Web, API, Android, iOS and Thick Client