
juice-shop - OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws

  •    Javascript

OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws. Each packaged distribution includes some SQLite binaries bound to the OS and node.js version on which npm install was executed.

kamus - An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications

  •    CSharp

An open source, GitOps, zero-trust secrets encryption and decryption solution for Kubernetes applications. Kamus enables users to easily encrypt secrets that can be decrypted only by the application running on Kubernetes. The encryption is done using strong encryption providers (currently supported: Azure KeyVault, Google Cloud KMS and AES). To learn more about Kamus, check out the blog post and slides. If you're running Kamus locally, the Kamus URL will be of the form http://localhost:<port>, so you need to add the --allow-insecure-url flag to allow the http protocol.

yawast - The YAWAST Antecedent Web Application Security Toolkit

  •    Ruby

This is meant to provide an easy way to perform initial analysis and information discovery. It's not a full testing suite, and it certainly isn't Metasploit. The idea is to provide a quick way to perform initial data collection, which can then be used to better target further tests. It is especially useful when used in conjunction with Burp Suite (via the --proxy parameter). Please see the wiki for full documentation.

bag-of-holding - An application to assist in the organization and prioritization of software security activities

  •    Python

The Bag of Holding is an application to assist in the organization and prioritization of software security activities. For information on setting up a development environment, see INSTALL.md.
dependency-check-plugin - Jenkins plugin for OWASP Dependency-Check

  •    Java

Dependency-Check is a utility that identifies project dependencies and checks whether there are any known, publicly disclosed vulnerabilities. This tool can be part of the solution to the OWASP Top 10 2013: A9 - Using Components with Known Vulnerabilities. This plug-in can independently execute a Dependency-Check analysis and visualize the results.

Ukraine-infosec-conferences - Announcements, programmes and an archive of materials from Ukrainian cybersecurity conferences

  •    

Announcements, programmes and an archive of materials from Ukrainian cybersecurity events. The data is collected from the events' official resources, as well as from conference participants' archives, archive.org and other open sources. Cybersecurity events that do not keep archives of their meeting materials.

jwt-fuzzer - JWT fuzzer

  •    Python

jwt-fuzzer is a simple command line tool that creates multiple, potentially invalid, strings from an initial JSON Web Token. Once the output file is generated you'll usually send the modified JWT using the utils/sender tool, which you'll have to customize for your specific case.

websocket-fuzzer - Simple HTML5 WebSocket fuzzer

  •    Python

A simple websocket fuzzer for application penetration testing. websocket-fuzzer.py: Receives a websocket message, modifies it, and then sends it in different connections. The response is analyzed to find potential vulnerabilities.
nist-data-mirror - A simple Java command-line utility to mirror the CVE XML and JSON data from NIST.

  •    Java

NIST Data Mirror is a Java command-line utility that mirrors the NVD CPE/CVE XML and JSON data from NIST. The intended purpose of nist-data-mirror is to be able to replicate the NIST vulnerability data inside a company firewall so that local (faster) access to NIST data can be achieved.

race-the-web - Tests for race conditions in web applications

  •    Go

Tests for race conditions in web applications by sending out a user-specified number of requests to a target URL (or URLs) simultaneously, and then comparing the responses from the server for uniqueness. Includes a number of configuration options. Stay tuned...

kurukshetra - Kurukshetra - A framework for teaching secure coding by means of interactive problem solving

  •    PHP

Kurukshetra is a web framework developed with the aim of being the first open source framework that provides a solid foundation for hosting reasonably complex secure coding challenges, while still being able to efficiently and dynamically execute each challenge against user input in a secure sandboxed environment. Kurukshetra is composed of two components: the backend framework, written in PHP, which manages and leverages the underlying Docker system to provide the secure sandbox for challenge execution; and the frontend, a user-facing web app providing all the necessary controls for the admin to host and modify the challenges, and for the user to execute and view the result of each of their inputs.

sbt-dependency-check - SBT Plugin for OWASP DependencyCheck

  •    Scala

The sbt-dependency-check plugin allows projects to monitor dependent libraries for known, published vulnerabilities (e.g. CVEs). The plugin achieves this by using the awesome OWASP DependencyCheck library, which already offers several integrations with other build and continuous integration systems. For more information on how OWASP DependencyCheck works and how to read the reports, check the project's documentation. sbt-dependency-check is an AutoPlugin, so you need sbt 0.13.5+. Simply add the plugin to the project/plugins.sbt file.

sample-scan-files - Sample scan files for testing DefectDojo imports

  •    HTML

Repository for sample scan files. Please do not upload any production data; the scans are intended to be scrubbed or run against demo systems.

webbreaker - Dynamic Application Security Test Orchestration (DASTO)

  •    Python

WebBreaker is an open source Dynamic Application Security Test Orchestration (DASTO) client, enabling development teams to create pipelines for security testing and automation of functional security tests, with WebInspect, Fortify SSC, and ThreadFix.