We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
OWASP Juice Shop - Probably the most modern and sophisticated insecure web application
OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws. Each packaged distribution includes some binaries for SQLite bound to the OS and node.js version which npm install was executed on.
owasp vulnerable hacking application-security pentesting vulnapp appsec ctf web-security web-application-security webappsec pentest securityDependency-Track - Intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve.
security owasp bom vulnerabilities vulndb appsec component-analysis nvd vulnerability-detection sca software-security security-automation devsecops software-composition-analysis bill-of-materials ossindex purl package-url sbom cyclonedxkics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx. KICS stands for Keeping Infrastructure as Code Secure, it is open source and is a must-have for any cloud native project.
security iac infrastructure-as-code cloudnative appseckamus - An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications
An open source, GitOps, zero-trust secrets encryption and decryption solution for Kubernetes applications. Kamus enable users to easily encrypt secrets than can be decrypted only by the application running on Kubernetes. The encryption is done using strong encryption providers (currently supported: Azure KeyVault, Google Cloud KMS and AES). To learn more about Kamus, check out the blog post and slides. If you're running Kamus locally the Kamus URL will be like http://localhost:<port>. So you need to add --allow-insecure-url flag to enable http protocol.
kubernetes-secrets appsec gitops devops kubernetes kmssast-scan - Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies
Scan is a free open-source security tool for modern DevOps teams. With an integrated multi-scanner based design, Scan can detect various kinds of security flaws in your application, and infrastructure code in a single fast scan without the need for any remote server. Scan is purpose built for workflow integration with nifty features such as automatic build breaker, results baseline and PR summary comments. Scan products are open-source under a GNU GPL 3.0 or later (GPL-3.0-or-later) license. Please visit the official documentation site for scan to learn about the configuration and CI/CD integration options. We also have a dedicated discord channel for issues and support.
workflow appsec scanners license-scan devsecops sast dependency-scanzap-hud - The OWASP ZAP Heads Up Display (HUD)
The HUD is an interface that provides the functionality of ZAP directly in the browser. In all cases you will need Java 8+ installed.
zap owasp hud appsec hacktoberfest owasp-zapyawast - The YAWAST Antecedent Web Application Security Toolkit
This is meant to provide a easy way to perform initial analysis and information discovery. It's not a full testing suite, and it certainly isn't Metasploit. The idea is to provide a quick way to perform initial data collection, which can then be used to better target further tests. It is especially useful when used in conjunction with Burp Suite (via the --proxy parameter).Please see the wiki for full documentation.
security ssl security-audit security-scanner tls appsecbag-of-holding - An application to assist in the organization and prioritization of software security activities
The Bag of Holding is an application to assist in the organization and prioritization of software security activities. For information on setting up a development environment, see INSTALL.md.
appsec security security-tools threadfix django django-rest-frameworkdependency-check-plugin - Jenkins plugin for OWASP Dependency-Check
Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. This tool can be part of the solution to the OWASP Top 10 2013: A9 - Using Components with Known Vulnerabilities. This plug-in can independently execute a Dependency-Check analysis and visualize results.
owasp appsec security component-analysis nvd vulnerabilities visibility jenkins-plugin software-security devops owasp-dependencycheckUkraine-infosec-conferences - Анонси, програми та архів матеріалів українських конференцій з кібер-безпеки
Анонси, програми та архів матеріалів українських подій з кібер-безпеки. Дані збираються з офіційних ресурсів подій, а також з архівів учасників конференцій, archive.org та інших відкритих джерел. Події з кібер-безпеки, які не зберігають архіви матеріалів зустрічей.
conferences cybersecurity appsec hacking ukraine cfp owasp uisgcon bsides hackit nonamcon csa defconjwt-fuzzer - JWT fuzzer
jwt-fuzzer is a simple command line tool that creates multiple, potentially invalid, strings from an initial JSON Web Token. Once the output file is generated you'll usually send the modified JWT using the utils/sender tool, which you'll have to customize for your specific case.
fuzzing jwt security appsec hackingwebsocket-fuzzer - Simple HTML5 WebSocket fuzzer
A simple websocket fuzzer for application penetration testing. websocket-fuzzer.py: Receives a websocket message, modifies it, and then sends it in different connections. The response is analyzed to find potential vulnerabilities.
appsec websocket fuzzing html5dependency-check-sonar-plugin - Integrates Dependency-Check reports into SonarQube
Integrates Dependency-Check reports into SonarQube
owasp sonar-plugin nvd vulnerabilities component-analysis security visibility appsec sonarqube vulnerable-components software-securitydependency-track - Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows organizations to identify and reduce risk from the use of third-party and open source components
Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows organizations to identify and reduce risk from the use of third-party and open source components.
owasp appsec security bom vulnerabilities visibility component-analysis nvd software-security owasp-dependencycheck software-composition-analysis sca bill-of-materials supply-chain-risk-management scrm c-scrm nist-csf nsp vulndbnist-data-mirror - A simple Java command-line utility to mirror the CVE XML and JSON data from NIST.
NIST Data Mirror is a Java command-line utility that mirrors the NVD CPE/CVE XML and JSON data from NIST. The intended purpose of nist-data-mirror is to be able to replicate the NIST vulnerabiity data inside a company firewall so that local (faster) access to NIST data can be achieved.
appsec nvd software-security nist cpe cve software-composition-analysis scathreatmodel-sdk - A Java library for parsing and programmatically using threat models
A Java library for parsing and programmatically using threat models
threat-model sdk software-security java-library appsec secure-designhakbot-origin-controller - Vendor-Neutral Security Tool Automation Controller (over REST)
Vendor-Neutral Security Tool Automation Controller (over REST)
software-security appsec devops automation rest dynamic-analysis nessus threadfix appspider webinspect burp zap securityrace-the-web - Tests for race conditions in web applications
Tests for race conditions in web applications by sending out a user-specified number of requests to a target URL (or URLs) simultaneously, and then compares the responses from the server for uniqueness. Includes a number of configuration options. Stay tuned...
security-tools race-conditions security appsec devops-tools infoseckurukshetra - Kurukshetra - A framework for teaching secure coding by means of interactive problem solving
Kurukshetra is a web framework that’s developed with the aim of being the first open source framework which provides a solid foundation to host reasonably complex secure coding challenges while still providing the ability to efficiently and dynamically execute each challenge on the basis of user input in a secure sandboxed environment. Kurukshetra is composed of two components, the backend framework written in PHP, which manages and leverages the underlying docker system to provide the secure sandbox for the challenge execution, and the frontend, which is a user facing web app providing all the necessary controls, for the admin to host and modify the challenges , and the user to execute and view the result of each of his input.
secure-coding security infosec appsecsbt-dependency-check - SBT Plugin for OWASP DependencyCheck
The sbt-dependency-check plugin allows projects to monitor dependent libraries for known, published vulnerabilities (e.g. CVEs). The plugin achieves this by using the awesome OWASP DependencyCheck library which already offers several integrations with other build and continuous integration systems. For more information on how OWASP DependencyCheck works and how to read the reports check the project's documentation. sbt-dependency-check is an AutoPlugin, so you need sbt 0.13.5+. Simply add the plugin to project/plugins.sbt file.
sbt sbt-plugin owasp-dependencycheck cve vulnerabilities nvd appsec software-security security owasp static-analysis vulnerability-scanners
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
