owasp
There are 724 repositories under owasp topic.
OWASP/CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
MobSF/Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
vitalysim/Awesome-Hacking-Resources
A collection of hacking / penetration testing resources to make you better!
owasp-amass/amass
In-depth attack surface mapping and asset discovery
juice-shop/juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
OWASP/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
paragonie/awesome-appsec
A curated list of resources for learning about application security
infoslack/awesome-web-hacking
A list of web application security
urbanadventurer/WhatWeb
Next generation web scanner
madhuakula/kubernetes-goat
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
DefectDojo/django-DefectDojo
DevSecOps, ASPM, Vulnerability Management. All on one platform.
OWASP/Nettacker
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
microcosm-cc/bluemonday
bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
lirantal/awesome-nodejs-security
Awesome Node.js Security resources
flipkart-incubator/Astra
Automated Security Testing For REST APIs
DependencyTrack/dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
find-sec-bugs/find-sec-bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)
coreruleset/coreruleset
OWASP CRS (Official Repository)
OWASP/owasp-masvs
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
phongnguyend/Practical.CleanArchitecture
Full-stack .Net 8 Clean Architecture (Microservices, Modular Monolith, Monolith), Blazor, Angular 17, React 18, Vue 3, BFF with YARP, Domain-Driven Design, CQRS, SOLID, Asp.Net Core Identity Custom Storage, OpenID Connect, Entity Framework Core, Selenium, SignalR, Hosted Services, Health Checks, Rate Limiting, Cloud Services (Azure, AWS, Google)...
corazawaf/coraza
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
cossacklabs/themis
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
Bearer/bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
owtf/owtf
Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
0xRadi/OWASP-Web-Checklist
OWASP Web Application Security Testing Checklist
1N3/BlackWidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
wallarm/gotestwaf
An open-source project in Golang to assess different API Security tools and WAF for detection logic and bypasses
webpwnized/mutillidae
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
OWASP/wrongsecrets
Vulnerable app with examples showing how to not use secrets
roottusk/vapi
vAPI is a Vulnerable Adversely Programmed Interface, a self-hostable API that mimics OWASP API Top 10 scenarios through exercises.
OWASP/www-community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
OWASP/joomscan
OWASP Joomla Vulnerability Scanner Project https://www.secologist.com/
OWASP/crAPI
completely ridiculous API (crAPI)
saeeddhqan/Maryam
Maryam: Open-source Intelligence (OSINT) Framework
security-code-scan/security-code-scan
Vulnerability Patterns Detector for C# and VB.NET