appsec

There are 371 repositories under the appsec topic.

  • OWASP/CheatSheetSeries

    The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

    Language: Python
  • zaproxy/zaproxy

    The ZAP core project

    Language: Java
  • maurosoria/dirsearch

    Web path scanner

    Language: Python
  • chaitin/SafeLine

    A web security gateway, serving as a reverse proxy to protect your websites from attacks and exploits.

    Language: TypeScript
  • juice-shop/juice-shop

    OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

    Language: TypeScript
  • OWASP/wstg

    The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

    Language: Dockerfile
  • infoslack/awesome-web-hacking

    A list of web application security

  • urbanadventurer/WhatWeb

    Next generation web scanner

    Language: Ruby
  • OWASP/Go-SCP

    Golang Secure Coding Practices guide

    Language: Go
  • infobyte/faraday

    Open Source Vulnerability Management Platform

    Language: Python
  • andresriancho/w3af

    w3af: web application attack and audit framework, the open source web vulnerability scanner.

    Language: Python
  • jassics/security-study-plan

    Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

  • microsoft/Security-101

    8 Lessons, Kick-start Your Cybersecurity Learning.

  • foospidy/payloads

    Git All the Payloads! A collection of web attack payloads.

    Language: Shell
  • DefectDojo/django-DefectDojo

    DevSecOps, ASPM, Vulnerability Management. All on one platform.

    Language: HTML
  • projectdiscovery/interactsh

    An OOB interaction gathering server and client library

    Language: Go
  • DependencyTrack/dependency-track

    Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

    Language: Java
  • openziti/ziti

    The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti

    Language: Go
  • Checkmarx/kics

    Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

    Language: Open Policy Agent
  • cider-security-research/cicd-goat

    A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

    Language: Python
  • Bearer/bearer

    Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

    Language: Go
  • summitt/Nope-Proxy

    TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.

    Language: Java
  • hysnsec/awesome-threat-modelling

    A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and the initial phases of security review.

    Language: Dockerfile
  • webpwnized/mutillidae

    OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.

    Language: PHP
  • roottusk/vapi

    vAPI is Vulnerable Adversely Programmed Interface, which is a self-hostable API that mimics OWASP API Top 10 scenarios through exercises.

    Language: HTML
  • OWASP/www-community

    OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

    Language: HTML
  • Soluto/kamus

    An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications

    Language: C#
  • ayoubfathi/leaky-paths

    A collection of special paths linked to common sensitive APIs, devops internals, framework configs, known misconfigurations, juicy APIs, etc. It could be used as part of web content discovery, to scan passively for high-quality endpoints and quick wins.

  • numirias/security

    Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

  • OWASP/railsgoat

    A vulnerable version of Rails that follows the OWASP Top 10

    Language: HTML
  • OWASP/OWASP-VWAD

    The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

  • zaproxy/zap-extensions

    ZAP Add-ons

    Language: Java
  • ShiftLeftSecurity/sast-scan

    Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependencies. CI and Git friendly.

    Language: Python
  • zaproxy/community-scripts

    A collection of ZAP scripts and tips provided by the community - pull requests very welcome!

    Language: JavaScript
  • openappsec/openappsec

    open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Applications & APIs. This repo includes the main code and logic.

    Language: C++