OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of the OWASP Top Ten and other severe security flaws. Each packaged distribution includes some binaries for SQLite bound to the OS and node.js version on which npm install was executed.
Tags: owasp vulnerable hacking application-security pentesting vulnapp appsec ctf web-security web-application-security webappsec pentest security

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve.
Tags: security owasp bom vulnerabilities vulndb appsec component-analysis nvd vulnerability-detection sca software-security security-automation devsecops software-composition-analysis bill-of-materials ossindex purl package-url sbom cyclonedx

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx. KICS stands for Keeping Infrastructure as Code Secure; it is open source and is a must-have for any cloud native project.
Tags: security iac infrastructure-as-code cloudnative appsec

An open source, GitOps, zero-trust secrets encryption and decryption solution for Kubernetes applications. Kamus enables users to easily encrypt secrets that can be decrypted only by the application running on Kubernetes. The encryption is done using strong encryption providers (currently supported: Azure KeyVault, Google Cloud KMS and AES). To learn more about Kamus, check out the blog post and slides. If you're running Kamus locally the Kamus URL will be like http://localhost:<port>, so you need to add the --allow-insecure-url flag to enable the http protocol.
Tags: kubernetes-secrets appsec gitops devops kubernetes kms

Scan is a free open-source security tool for modern DevOps teams. With an integrated multi-scanner based design, Scan can detect various kinds of security flaws in your application and infrastructure code in a single fast scan without the need for any remote server. Scan is purpose built for workflow integration with nifty features such as automatic build breaker, results baseline and PR summary comments. Scan products are open-source under a GNU GPL 3.0 or later (GPL-3.0-or-later) license. Please visit the official documentation site for Scan to learn about the configuration and CI/CD integration options. We also have a dedicated Discord channel for issues and support.
Tags: workflow appsec scanners license-scan devsecops sast dependency-scan

The HUD is an interface that provides the functionality of ZAP directly in the browser. In all cases you will need Java 8+ installed.
Tags: zap owasp hud appsec hacktoberfest owasp-zap

This is meant to provide an easy way to perform initial analysis and information discovery. It's not a full testing suite, and it certainly isn't Metasploit. The idea is to provide a quick way to perform initial data collection, which can then be used to better target further tests. It is especially useful when used in conjunction with Burp Suite (via the --proxy parameter). Please see the wiki for full documentation.
Tags: security ssl security-audit security-scanner tls appsec

The Bag of Holding is an application to assist in the organization and prioritization of software security activities. For information on setting up a development environment, see INSTALL.md.
Tags: appsec security security-tools threadfix django django-rest-framework

Dependency-Check is a utility that identifies project dependencies and checks whether there are any known, publicly disclosed vulnerabilities. This tool can be part of the solution to the OWASP Top 10 2013: A9 - Using Components with Known Vulnerabilities. This plug-in can independently execute a Dependency-Check analysis and visualize results.
Tags: owasp appsec security component-analysis nvd vulnerabilities visibility jenkins-plugin software-security devops owasp-dependencycheck

Announcements, programs and an archive of materials from Ukrainian cyber-security events. The data is collected from the events' official resources, as well as from conference participants' archives, archive.org and other open sources. Cyber-security events that do not keep archives of meeting materials.
Tags: conferences cybersecurity appsec hacking ukraine cfp owasp uisgcon bsides hackit nonamcon csa defcon

jwt-fuzzer is a simple command line tool that creates multiple, potentially invalid, strings from an initial JSON Web Token. Once the output file is generated you'll usually send the modified JWT using the utils/sender tool, which you'll have to customize for your specific case.
Tags: fuzzing jwt security appsec hacking

A simple websocket fuzzer for application penetration testing. websocket-fuzzer.py: Receives a websocket message, modifies it, and then sends it in different connections. The response is analyzed to find potential vulnerabilities.
Tags: appsec websocket fuzzing html5

Integrates Dependency-Check reports into SonarQube.
Tags: owasp sonar-plugin nvd vulnerabilities component-analysis security visibility appsec sonarqube vulnerable-components software-security

Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows organizations to identify and reduce risk from the use of third-party and open source components.
Tags: owasp appsec security bom vulnerabilities visibility component-analysis nvd software-security owasp-dependencycheck software-composition-analysis sca bill-of-materials supply-chain-risk-management scrm c-scrm nist-csf nsp vulndb

NIST Data Mirror is a Java command-line utility that mirrors the NVD CPE/CVE XML and JSON data from NIST. The intended purpose of nist-data-mirror is to be able to replicate the NIST vulnerability data inside a company firewall so that local (faster) access to NIST data can be achieved.
Tags: appsec nvd software-security nist cpe cve software-composition-analysis sca

A Java library for parsing and programmatically using threat models.
Tags: threat-model sdk software-security java-library appsec secure-design

Vendor-Neutral Security Tool Automation Controller (over REST).
Tags: software-security appsec devops automation rest dynamic-analysis nessus threadfix appspider webinspect burp zap security

Tests for race conditions in web applications by sending out a user-specified number of requests to a target URL (or URLs) simultaneously, and then compares the responses from the server for uniqueness. Includes a number of configuration options. Stay tuned...
Tags: security-tools race-conditions security appsec devops-tools infosec

Kurukshetra is a web framework that's developed with the aim of being the first open source framework which provides a solid foundation to host reasonably complex secure coding challenges while still providing the ability to efficiently and dynamically execute each challenge on the basis of user input in a secure sandboxed environment. Kurukshetra is composed of two components: the backend framework written in PHP, which manages and leverages the underlying Docker system to provide the secure sandbox for the challenge execution, and the frontend, which is a user-facing web app providing all the necessary controls for the admin to host and modify the challenges, and for the user to execute and view the result of each of their inputs.
Tags: secure-coding security infosec appsec

The sbt-dependency-check plugin allows projects to monitor dependent libraries for known, published vulnerabilities (e.g. CVEs). The plugin achieves this by using the awesome OWASP DependencyCheck library, which already offers several integrations with other build and continuous integration systems. For more information on how OWASP DependencyCheck works and how to read the reports, check the project's documentation. sbt-dependency-check is an AutoPlugin, so you need sbt 0.13.5+. Simply add the plugin to the project/plugins.sbt file.
Tags: sbt sbt-plugin owasp-dependencycheck cve vulnerabilities nvd appsec software-security security owasp static-analysis vulnerability-scanners