We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
juice-shop - OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws
OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws. Each packaged distribution includes some binaries for SQLite bound to the OS and node.js version which npm install was executed on.
owasp vulnerable hacking application-security owasp-top-10 owasp-top-ten pentesting vulnapp appsec ctf web-security web-application-security webappsec pentest security vulnerability broken bodgeitkamus - An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications
An open source, GitOps, zero-trust secrets encryption and decryption solution for Kubernetes applications. Kamus enable users to easily encrypt secrets than can be decrypted only by the application running on Kubernetes. The encryption is done using strong encryption providers (currently supported: Azure KeyVault, Google Cloud KMS and AES). To learn more about Kamus, check out the blog post and slides. If you're running Kamus locally the Kamus URL will be like http://localhost:<port>. So you need to add --allow-insecure-url flag to enable http protocol.
kubernetes-secrets appsec gitops devops kubernetes kmsyawast - The YAWAST Antecedent Web Application Security Toolkit
This is meant to provide a easy way to perform initial analysis and information discovery. It's not a full testing suite, and it certainly isn't Metasploit. The idea is to provide a quick way to perform initial data collection, which can then be used to better target further tests. It is especially useful when used in conjunction with Burp Suite (via the --proxy parameter).Please see the wiki for full documentation.
security ssl security-audit security-scanner tls appsecbag-of-holding - An application to assist in the organization and prioritization of software security activities
The Bag of Holding is an application to assist in the organization and prioritization of software security activities. For information on setting up a development environment, see INSTALL.md.
appsec security security-tools threadfix django django-rest-frameworkdependency-check-plugin - Jenkins plugin for OWASP Dependency-Check
Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. This tool can be part of the solution to the OWASP Top 10 2013: A9 - Using Components with Known Vulnerabilities. This plug-in can independently execute a Dependency-Check analysis and visualize results.
owasp appsec security component-analysis nvd vulnerabilities visibility jenkins-plugin software-security devops owasp-dependencycheckUkraine-infosec-conferences - Анонси, програми та архів матеріалів українських конференцій з кібер-безпеки
Анонси, програми та архів матеріалів українських подій з кібер-безпеки. Дані збираються з офіційних ресурсів подій, а також з архівів учасників конференцій, archive.org та інших відкритих джерел. Події з кібер-безпеки, які не зберігають архіви матеріалів зустрічей.
conferences cybersecurity appsec hacking ukraine cfp owasp uisgcon bsides hackit nonamcon csa defconjwt-fuzzer - JWT fuzzer
jwt-fuzzer is a simple command line tool that creates multiple, potentially invalid, strings from an initial JSON Web Token. Once the output file is generated you'll usually send the modified JWT using the utils/sender tool, which you'll have to customize for your specific case.
fuzzing jwt security appsec hackingwebsocket-fuzzer - Simple HTML5 WebSocket fuzzer
A simple websocket fuzzer for application penetration testing. websocket-fuzzer.py: Receives a websocket message, modifies it, and then sends it in different connections. The response is analyzed to find potential vulnerabilities.
appsec websocket fuzzing html5dependency-check-sonar-plugin - Integrates Dependency-Check reports into SonarQube
Integrates Dependency-Check reports into SonarQube
owasp sonar-plugin nvd vulnerabilities component-analysis security visibility appsec sonarqube vulnerable-components software-securitydependency-track - Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows organizations to identify and reduce risk from the use of third-party and open source components
Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows organizations to identify and reduce risk from the use of third-party and open source components.
owasp appsec security bom vulnerabilities visibility component-analysis nvd software-security owasp-dependencycheck software-composition-analysis sca bill-of-materials supply-chain-risk-management scrm c-scrm nist-csf nsp vulndbnist-data-mirror - A simple Java command-line utility to mirror the CVE XML and JSON data from NIST.
NIST Data Mirror is a Java command-line utility that mirrors the NVD CPE/CVE XML and JSON data from NIST. The intended purpose of nist-data-mirror is to be able to replicate the NIST vulnerabiity data inside a company firewall so that local (faster) access to NIST data can be achieved.
appsec nvd software-security nist cpe cve software-composition-analysis scathreatmodel-sdk - A Java library for parsing and programmatically using threat models
A Java library for parsing and programmatically using threat models
threat-model sdk software-security java-library appsec secure-designhakbot-origin-controller - Vendor-Neutral Security Tool Automation Controller (over REST)
Vendor-Neutral Security Tool Automation Controller (over REST)
software-security appsec devops automation rest dynamic-analysis nessus threadfix appspider webinspect burp zap securityrace-the-web - Tests for race conditions in web applications
Tests for race conditions in web applications by sending out a user-specified number of requests to a target URL (or URLs) simultaneously, and then compares the responses from the server for uniqueness. Includes a number of configuration options. Stay tuned...
security-tools race-conditions security appsec devops-tools infoseckurukshetra - Kurukshetra - A framework for teaching secure coding by means of interactive problem solving
Kurukshetra is a web framework that’s developed with the aim of being the first open source framework which provides a solid foundation to host reasonably complex secure coding challenges while still providing the ability to efficiently and dynamically execute each challenge on the basis of user input in a secure sandboxed environment. Kurukshetra is composed of two components, the backend framework written in PHP, which manages and leverages the underlying docker system to provide the secure sandbox for the challenge execution, and the frontend, which is a user facing web app providing all the necessary controls, for the admin to host and modify the challenges , and the user to execute and view the result of each of his input.
secure-coding security infosec appsecsbt-dependency-check - SBT Plugin for OWASP DependencyCheck
The sbt-dependency-check plugin allows projects to monitor dependent libraries for known, published vulnerabilities (e.g. CVEs). The plugin achieves this by using the awesome OWASP DependencyCheck library which already offers several integrations with other build and continuous integration systems. For more information on how OWASP DependencyCheck works and how to read the reports check the project's documentation. sbt-dependency-check is an AutoPlugin, so you need sbt 0.13.5+. Simply add the plugin to project/plugins.sbt file.
sbt sbt-plugin owasp-dependencycheck cve vulnerabilities nvd appsec software-security security owasp static-analysis vulnerability-scannerssample-scan-files - Sample scan files for testing DefectDojo imports
Repository for sample scan files. Please do not upload any production data as the scans are intended to be scrubbed or against demo systems.
appsec scans securitywebbreaker - Dynamic Application Security Test Orchestration (DASTO)
WebBreaker is an open source Dynamic Application Security Test Orchestration (DASTO) client, enabling development teams to create pipelines for security testing and automation of functional security tests, with WebInspect, Fortify SSC, and ThreadFix.
webinspect scans dast jenkins automation security-automation security-tools security-scanner application-security appsec test-automation webbreaker orchestration threadfix webinspect-scanning
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
