ModSecurity is an open source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments worldwide, ModSecurity is the most widely deployed WAF in existence.
Tags: firewall web-application-firewall waf owasp

A curated list of resources for learning about application security. Contains books, websites, blog posts, and self-assessment quizzes. Maintained by Paragon Initiative Enterprises with contributions from the application security and developer communities. We also have other community projects which might be useful for tomorrow's application security experts.
Tags: security-experts reading-list curated application-security security owasp

Amass is now an OWASP project, and the OWASP GitHub organization repository is where all further development and releases will take place.
Tags: dns subdomain enumeration recon maltego owasp

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early in the development cycle. Astra can automatically detect and test login and logout (authentication API) flows, so it is easy for anyone to integrate it into a CI/CD pipeline. Astra can also take an API collection as input, so it can be used for testing APIs in standalone mode.
Tags: security restapiautomation owasp penetration-testing-framework postman-collection ci-cd sdlc penetration-testing security-automation

OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws. Each packaged distribution includes some binaries for SQLite bound to the OS and Node.js version on which npm install was executed.
Tags: owasp vulnerable hacking application-security pentesting vulnapp appsec ctf web-security web-application-security webappsec pentest security

bluemonday is an HTML sanitizer implemented in Go. It is fast and highly configurable. bluemonday takes untrusted user-generated content as input and returns HTML that has been sanitised against a whitelist of approved HTML elements and attributes, so that you can safely include the content in your web page.
Tags: sanitization html security xss owasp whitelist parser html-sanitizer

DefectDojo is a security program and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one source of truth with DefectDojo. Try out DefectDojo in our testing environment.
Tags: vulnerability-databases django security owasp analytics vulnerability-management automation security-automation security-orchestration devsecops vulnerability-correlation

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of the Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve.
Tags: security owasp bom vulnerabilities vulndb appsec component-analysis nvd vulnerability-detection sca software-security security-automation devsecops software-composition-analysis bill-of-materials ossindex purl package-url sbom cyclonedx

HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and aggressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.
Tags: sanitization html security xss owasp whitelist parser html-sanitizer

BlackWidow is a Python-based web application spider that gathers subdomains, URLs, dynamic parameters, email addresses and phone numbers from a target website. This project also includes the Inject-X fuzzer to scan dynamic URLs for common OWASP vulnerabilities. This software is released under the GNU General Public License v3.0. See LICENSE.md for details.
Tags: web application scanner osint fuzzer owasp vulnerability spider passive active sqli xss lfi rfi rce csrf automated scan report

This repository is a monorepo managed with Lerna. Several constructs are published to PyPI and npm from the same codebase. We welcome community contributions and pull requests.
Tags: github slack webhooks aws devops chatops backup stripe container contentful ecs owasp codepipeline codecommit codedeploy cdk msteams dependency-check aws-cdk bluegreen-deployment

Code to protect .NET web applications and services against SQL injection and cross-site scripting attacks.
Tags: owasp sql-injection sqlinjection xss

OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner) is an open source project written in Perl that detects and analyses vBulletin CMS vulnerabilities. If you want to do a penetration test on a vBulletin forum, OWASP VBScan is your best shot ever! The project is faster than ever and is updated with the latest vBulletin vulnerabilities.
Tags: owasp vbscan vbulletin vulnerability scanner vulnerability-scanners exploit

OpenDoor OWASP is a multifunctional console web site scanner. The application finds all possible ways to log in, "index of/" directory listings, web shells, restricted access points, subdomains, hidden data and large backups. Scanning is performed with the built-in dictionary as well as external dictionaries. Anonymity and speed are provided by the use of proxy servers. The software is written for informational purposes and is an open source product under the GPL license.
Tags: dirscanner scanner owasp dir-scanner dir-search directories-scanner bruteforce pentest blackarch proxies dirsearch

The HUD is an interface that provides the functionality of ZAP directly in the browser. In all cases you will need Java 8+ installed.
Tags: zap owasp hud appsec hacktoberfest owasp-zap

Glue is a framework for running a series of tools. Generally, it is intended as a backbone for automating a security analysis pipeline of tools. Check out the Playground to get a better understanding of Glue's features and how you can use them.
Tags: ci-cd devsecops tool owasp

A .NET Core middleware for injecting the OWASP-recommended HTTP headers for increased security. ClacksMiddleware has a Code of Conduct to which all contributors, maintainers and forkers must adhere. When contributing, maintaining, forking or in any other way changing the code presented in this repository, all users must agree to this Code of Conduct.
Tags: aspnetcore middleware owasp security nuget http-header

Dependency-Check is a utility that identifies project dependencies and checks whether any of them have known, publicly disclosed vulnerabilities. This tool can be part of the solution to OWASP Top 10 2013: A9 - Using Components with Known Vulnerabilities. This plug-in can independently execute a Dependency-Check analysis and visualize the results.
Tags: owasp appsec security component-analysis nvd vulnerabilities visibility jenkins-plugin software-security devops owasp-dependencycheck

Announcements, programmes and an archive of materials from Ukrainian cyber-security events. Data is collected from the events' official resources, as well as from conference participants' archives, archive.org and other open sources. Cyber-security events that do not keep archives of their meeting materials.
Tags: conferences cybersecurity appsec hacking ukraine cfp owasp uisgcon bsides hackit nonamcon csa defcon

Integrates Dependency-Check reports into SonarQube.
Tags: owasp sonar-plugin nvd vulnerabilities component-analysis security visibility appsec sonarqube vulnerable-components software-security