
awesome-appsec - A curated list of resources for learning about application security

  •    PHP

A curated list of resources for learning about application security. Contains books, websites, blog posts, and self-assessment quizzes. Maintained by Paragon Initiative Enterprises with contributions from the application security and developer communities. We also have other community projects which might be useful for tomorrow's application security experts.

juice-shop - OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws

  •    Javascript

OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of the OWASP Top Ten and other severe security flaws. Each packaged distribution includes some binaries for SQLite bound to the OS and Node.js version on which npm install was executed.

Androl4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis


AndroL4b is an Android security virtual machine based on Ubuntu MATE that includes a collection of the latest frameworks, tutorials and labs from security researchers for reverse engineering and malware analysis.

airship - Secure Content Management for the Modern Web - "The sky is only the beginning"

  •    PHP

The sky is only the beginning. CMS Airship is a secure-by-default content management system, blog engine, and application development framework written for PHP 7.2 and above.

janusec - Janusec Application Gateway, a Golang based application security solution which provides WAF (Web Application Firewall), CC attack defense, unified web administration portal, private key protection, web routing and scalable load balancing

  •    Go

Janusec Application Gateway, an application security solution which provides a WAF (Web Application Firewall), CC (HTTP flood) attack defense, a unified web administration portal, private key protection, web routing and scalable load balancing. With Janusec, you can build secure and scalable applications. Detailed documentation is available in the Janusec Application Gateway Documentation.

Autorize - Automatic authorization enforcement detection extension for Burp Suite written in Jython, developed by Barak Tawily to ease application security testers' work and allow them to perform automatic authorization tests

  •    Python

Autorize is an automatic authorization enforcement detection extension for Burp Suite. It was written in Python (run under Jython inside Burp) by Barak Tawily, an application security expert, and Federico Dotta, a security expert at Mediaservice.net. Autorize was designed to help security testers by performing automatic authorization tests: every request the tester makes with a privileged session is replayed with a low-privileged session, and the two responses are compared to decide whether the server enforced authorization. As of the latest release, Autorize also performs automatic authentication tests, replaying each request with no session at all. The first 2 statuses are clear, so I won’t elaborate on them.
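The replay-and-compare check described above, as an added example written for this page; it is not Autorize's code and does not run inside Burp. The target application, its session cookies, the endpoint paths and the status labels ("enforced", "bypassed", "undetermined") are all constructed here for illustration, and the keyword pattern used to recognise a denial is an assumption that a real tester would tune per application.

```python
import re

# Constructed in-memory application standing in for the target. The invoice
# endpoint deliberately omits the ownership check (broken object-level authz).
SESSIONS = {"admin-cookie": "admin", "user-cookie": "user"}  # constructed sessions

def fake_send(request):
    """Constructed transport: routes a request dict to the fake app and returns a response dict."""
    role = SESSIONS.get(request["headers"].get("Cookie", ""), "anonymous")
    path = request["path"]
    if path == "/admin/users":
        if role != "admin":
            return {"status": 403, "body": "Access denied"}
        return {"status": 200, "body": '[{"id":1,"name":"alice"},{"id":2,"name":"bob"}]'}
    if path.startswith("/api/invoices/"):
        # BUG (intentional): returns the invoice to anyone, whatever the session
        return {"status": 200, "body": '{"id":17,"owner":"alice","total":"4200.00"}'}
    return {"status": 404, "body": "not found"}

# Assumed denial pattern; the real extension lets the tester configure this.
ENFORCED_PATTERN = re.compile(r"(?i)access denied|forbidden|unauthori[sz]ed")

def replay_with_cookie(request, cookie, send):
    """Re-send the same request with only the Cookie header replaced (or removed)."""
    headers = dict(request["headers"])
    if cookie:
        headers["Cookie"] = cookie
    else:
        headers.pop("Cookie", None)   # authentication test: no session at all
    return send({**request, "headers": headers})

def classify(original, replayed):
    """Compare the privileged response with the replayed one."""
    if original["status"] >= 400:
        return "undetermined"   # the privileged request itself failed; nothing to compare
    if replayed["status"] in (401, 403) or ENFORCED_PATTERN.search(replayed["body"]):
        return "enforced"
    if replayed["status"] == original["status"] and replayed["body"] == original["body"]:
        return "bypassed"       # identical answer for a weaker caller: no check was applied
    return "undetermined"       # different, but not an obvious denial: review by hand

def authz_test(request, low_priv_cookie, send=fake_send):
    """Run both the authorization and the authentication replay for one request."""
    original = send(request)
    as_low_priv = replay_with_cookie(request, low_priv_cookie, send)
    as_anonymous = replay_with_cookie(request, None, send)
    return {"authorization": classify(original, as_low_priv),
            "authentication": classify(original, as_anonymous)}

if __name__ == "__main__":
    admin = {"Cookie": "admin-cookie"}
    for path in ("/admin/users", "/api/invoices/17", "/missing"):
        print(path, authz_test({"path": path, "headers": admin}, "user-cookie"))
```

The "undetermined" bucket matters in practice: an endpoint that returns a 200 with a different body (a redirect page, an empty list) has neither clearly enforced nor clearly bypassed authorization, and the tester has to look at it by hand rather than trusting the automatic verdict.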

Taipan - Web application security scanner

  •    F#

If you want to try the development version of Taipan without waiting for an official release, you can download the build version. This version is built on every commit whose build succeeds. You can download it from the Artifacts Directory.

watchdog - Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

  •    Python

Watchdog is an integration of open source security tools aimed at providing a holistic security view for a given domain/IP. The way Watchdog is built, it can be used by product security teams, red teams and also by bug bounty hunters to get a 360° view of any Internet property it scans. Given a list of domains/IPs it can perform a network scan, feed the output to open source web app scanners like Google's skipfish and wapiti, perform tech stack analysis and determine if the stack has any known CVEs. Watchdog scans all endpoints, performs technology version analysis on the services it detects and maps this information against its CVE database, which is maintained and updated locally.
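The "detected version to known vulnerability" step of that pipeline, as an added example written for this page rather than Watchdog's own code. The banners, the banner regex, the products and the local vulnerability table are all constructed here; the record ids are placeholders, not real CVE identifiers, and the version ranges are invented for the demonstration only.

```python
import re

# Constructed local database: (product, first affected, first fixed, record id).
# A "first fixed" of None means every version from "first affected" upwards is affected.
# Ids and ranges are placeholders, NOT real CVEs.
LOCAL_VULN_DB = [
    ("nginx",   "1.0.0", "1.20.1", "LOCAL-0001"),
    ("openssh", "7.0",   "8.4",    "LOCAL-0002"),
    ("apache",  "2.4.0", "2.4.50", "LOCAL-0003"),
]

# Constructed banner grammar for the three products above, e.g. "nginx/1.18.0",
# "OpenSSH_8.2p1", "Apache/2.4.51".
BANNER_RE = re.compile(r"(?i)\b(nginx|openssh|apache)[/_ ]v?(\d+(?:\.\d+)*)")

def parse_version(v):
    """Turn '2.4.10' into (2, 4, 10) so comparison is numeric, not lexical:
    as strings '2.4.10' < '2.4.9', which would silently miss affected versions."""
    return tuple(int(p) for p in v.split("."))

def is_affected(version, first_affected, first_fixed):
    """Half-open range check: first_affected <= version < first_fixed."""
    v = parse_version(version)
    if v < parse_version(first_affected):
        return False
    return first_fixed is None or v < parse_version(first_fixed)

def detect_from_banner(banner):
    """Extract (product, version) from a service banner, or None if unrecognised."""
    m = BANNER_RE.search(banner)
    return (m.group(1).lower(), m.group(2)) if m else None

def match_vulns(detections, db=LOCAL_VULN_DB):
    """Map each detected (product, version) to the record ids whose range covers it."""
    hits = {}
    for product, version in detections:
        ids = [rid for p, lo, hi, rid in db if p == product and is_affected(version, lo, hi)]
        if ids:
            hits[(product, version)] = ids
    return hits

def scan_banners(banners, db=LOCAL_VULN_DB):
    """Full step: banners -> detections -> matches against the local table."""
    detections = [d for d in (detect_from_banner(b) for b in banners) if d]
    return match_vulns(detections, db)

if __name__ == "__main__":
    # Constructed banners as a port scanner would report them.
    sample = ["Server: nginx/1.18.0", "SSH-2.0-OpenSSH_8.2p1 Ubuntu", "Server: Apache/2.4.51"]
    for finding, ids in scan_banners(sample).items():
        print(finding, "->", ids)
```

Two things the example makes explicit that a banner-to-CVE mapping often gets wrong: versions must be compared as numeric tuples, not strings, and a "fixed in" boundary is exclusive, so a service running exactly the first fixed version must not be reported. Banner-based detection is also only as good as the banner; a distribution that backports fixes without bumping the version will show up as affected here and needs manual confirmation.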

juice-shop-ctf - Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

  •    Javascript

The npm package juice-shop-ctf-cli lets you create archive files for conveniently importing OWASP Juice Shop challenges into different Capture the Flag frameworks. This allows you to populate a CTF game server in a matter of minutes. Install it with npm install -g juice-shop-ctf-cli, run juice-shop-ctf, then follow the instructions of the interactive command line tool.

webappsec-nutshell - An ultra-compact intro (or refresher) to Web Application Security.

  •    Javascript

An ultra-compact intro (or refresher) to Web Application Security derived from my Web Application Security Training Workshop. This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

webbreaker - Dynamic Application Security Test Orchestration (DASTO)

  •    Python

WebBreaker is an open source Dynamic Application Security Test Orchestration (DASTO) client, enabling development teams to create pipelines for security testing and automation of functional security tests, with WebInspect, Fortify SSC, and ThreadFix.

continuous-threat-modeling - A Continuous Threat Modeling methodology


CTM is Autodesk's threat modeling methodology, enabling development teams to perform threat modeling with minimal initial security knowledge and less dependency on security experts. It is an evolutionary, dynamic methodology that should mesh well with teams using Agile and evolving system architectures. All manner of contributions are welcome. The methodology is still relatively young, and emphasis has been placed on simplicity, return on investment and building a developer-friendly workflow. We are looking for contributions on the security principles, the secure development checklist, and community support, as well as success stories and less-successful cases, and suggestions for improvements and modifications.