appsec
There are 389 repositories under the appsec topic.
Application-Security
Resources for Application Security including Web, API, Android, iOS and Thick Client
dd-trace-go
Datadog Go Library including APM tracing, profiling, and security monitoring.
Application-Security-Engineer-Interview-Questions
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list, but I felt these questions were important to be asked, and some were challenging to answer.
ovaa
Oversecured Vulnerable Android App
Spoofy
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
dependency-check-sonar-plugin
Integrates Dependency-Check reports into SonarQube
race-the-web
Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
rfi-lfi-payload-list
🎯 RFI/LFI Payload List
privado
Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.
dd-trace-php
Datadog PHP Clients
badsecrets
A library for detecting known secrets across many web frameworks
awesome-cicd-attacks
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
threat-model-cookbook
This project is about creating and publishing threat model examples.
njsscan
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Blisqy
Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).
Free-RASP-Community
SDK providing app protection and threat monitoring for mobile devices, available for Flutter, Cordova, Android and iOS.
agartha
A Burp extension that helps identify injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violations, and also converts HTTP requests to JavaScript for enhanced XSS exploitation.
VulnerableApp
OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
casr
Collect crash (or UndefinedBehaviorSanitizer error) reports, triage, and estimate severity.
gram
Gram is Klarna's own threat model diagramming tool
sbt-dependency-check
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:
sechub
SecHub provides a central API to test software with different security tools.
zap-hud
The ZAP Heads Up Display (HUD)
PentestingEverything
Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...
JavaSecurity
Java web and command line applications demonstrating various security topics
nerdbug
Full Nuclei automation script with logic explanation.
domscan
Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.
OversecuredVulnerableiOSApp
Oversecured Vulnerable iOS App
nist-data-mirror
A simple Java command-line utility to mirror the CVE JSON data from NIST.
pidrila
Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
web-methodology
Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
grepmarx
A source code static analysis platform for AppSec enthusiasts.
Session-Hijacking-Visual-Exploitation
Session Hijacking Visual Exploitation
OOB-Server
A Bind9 server for pentesters to use for Out-of-Band vulnerabilities
awesome-policy-as-code
A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.
bulwark
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.