We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
ModSecurity - Cross platform Web Application Firewall (WAF)
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.
firewall web-application-firewall waf owaspawesome-appsec - A curated list of resources for learning about application security
A curated list of resources for learning about application security. Contains books, websites, blog posts, and self-assessment quizzes. Maintained by Paragon Initiative Enterprises with contributions from the application security and developer communities. We also have other community projects which might be useful for tomorrow's application security experts.
security-experts reading-list curated application-security security owaspamass - In-depth subdomain enumeration written in Go
Amass is now an OWASP project and the OWASP GitHub organization repository is where all further development and releases will take place.
dns subdomain enumeration recon maltego owaspAstra - Automated Security Testing For REST API's
REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically detect and test login & logout (Authentication API), so it's easy for anyone to integrate this into CICD pipeline. Astra can take API collection as an input so this can also be used for testing apis in standalone mode.
security restapiautomation owasp penetration-testing-framework postman-collection ci-cd sdlc penetration-testing security-automationOWASP Juice Shop - Probably the most modern and sophisticated insecure web application
OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws. Each packaged distribution includes some binaries for SQLite bound to the OS and node.js version which npm install was executed on.
owasp vulnerable hacking application-security pentesting vulnapp appsec ctf web-security web-application-security webappsec pentest securityBluemonday - A fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
bluemonday is a HTML sanitizer implemented in Go. It is fast and highly configurable.bluemonday takes untrusted user generated content as an input, and will return HTML that has been sanitised against a whitelist of approved HTML elements and attributes so that you can safely include the content in your web page.
sanitization html security xss owasp whitelist parser html-sanitizerdjango-DefectDojo - DefectDojo is an open-source application vulnerability correlation and security orchestration tool
DefectDojo is a security program and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one source of truth with DefectDojo. Try out DefectDojo in our testing environment.
vulnerability-databases django security owasp analytics vulnerability-management automation security-automation security-orchestration devsecops vulnerability-correlationHTML Purifier - Standards compliant HTML filter written in PHP
HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and agressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.
sanitization html security xss owasp whitelist parser html-sanitizerBlackWidow - A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website
BlackWidow is a python based web application spider to gather subdomains, URL's, dynamic parameters, email addresses and phone numbers from a target website. This project also includes Inject-X fuzzer to scan dynamic URL's for common OWASP vulnerabilities. This software is released under the GNU General Public License v3.0. See LICENSE.md for details.
web application scanner osint fuzzer owasp vulnerability spider passive active sqli xss lfi rfi rce csrf automated scan reportOWASP .NET Shield
Code to protect .NET Web applications and services against sql injection and cross site scripting attacks.
owasp sql-injection sqlinjection xssvbscan - OWASP VBScan is a Black Box vBulletin Vulnerability Scanner
OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner) is an opensource project in perl programming language to detect VBulletin CMS vulnerabilities and analysis them . If you want to do a penetration test on a vBulletin Forum, OWASP VBScan is Your best shot ever! This Project is being faster than ever and updated with the latest VBulletin vulnerabilities.
owasp vbscan vbulletin vulnerability scanner vulnerability-scanners exploitOpenDoor - OWASP WEB Directory Scanner
OpenDoor OWASP is console multifunctional web sites scanner. This application find all possible ways to login, index of/ directories, web shells, restricted access points, subdomains, hidden data and large backups. The scanning is performed by the built-in dictionary and external dictionaries as well. Anonymity and speed are provided by means of using proxy servers. Software is written for informational purposes and is open source product under the GPL license.
dirscanner scanner owasp dir-scanner dir-search directories-scanner bruteforce pentest blackarch proxies dirsearchglue - Application Security Automation
Glue is a framework for running a series of tools. Generally, it is intended as a backbone for automating a security analysis pipeline of tools. Checkout the Playground to get a better understanding of Glue's features and how you can use them.
ci-cd devsecops tool owaspOwaspHeaders
A .NET Core middleware for injecting the Owasp recommended HTTP Headers for increased security. ClacksMiddleware has a Code of Conduct which all contributors, maintainers and forkers must adhere to. When contributing, maintaining, forking or in any other way changing the code presented in this repository, all users must agree to this Code of Conduct.
aspnetcore middleware owasp security nuget http-headerdependency-check-plugin - Jenkins plugin for OWASP Dependency-Check
Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. This tool can be part of the solution to the OWASP Top 10 2013: A9 - Using Components with Known Vulnerabilities. This plug-in can independently execute a Dependency-Check analysis and visualize results.
owasp appsec security component-analysis nvd vulnerabilities visibility jenkins-plugin software-security devops owasp-dependencycheckUkraine-infosec-conferences - Анонси, програми та архів матеріалів українських конференцій з кібер-безпеки
Анонси, програми та архів матеріалів українських подій з кібер-безпеки. Дані збираються з офіційних ресурсів подій, а також з архівів учасників конференцій, archive.org та інших відкритих джерел. Події з кібер-безпеки, які не зберігають архіви матеріалів зустрічей.
conferences cybersecurity appsec hacking ukraine cfp owasp uisgcon bsides hackit nonamcon csa defcondependency-check-sonar-plugin - Integrates Dependency-Check reports into SonarQube
Integrates Dependency-Check reports into SonarQube
owasp sonar-plugin nvd vulnerabilities component-analysis security visibility appsec sonarqube vulnerable-components software-securitydependency-track - Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows organizations to identify and reduce risk from the use of third-party and open source components
Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows organizations to identify and reduce risk from the use of third-party and open source components.
owasp appsec security bom vulnerabilities visibility component-analysis nvd software-security owasp-dependencycheck software-composition-analysis sca bill-of-materials supply-chain-risk-management scrm c-scrm nist-csf nsp vulndbdependency-check-py - :closed_lock_with_key: Shim to easily install OWASP dependency-check-cli into Python projects
Shim to easily install the OWASP dependency-check-cli tool into Python projects. dependency-check scans application dependencies and checks whether they contain any published vulnerabilities (based on the NIST NVD). It runs in the JVM, so you need some form of java available in your PATH. The script should work on Linux, Mac OSX and Windows, but right now is only tested on Linux.
owasp dependency-analysis security cli-utility software-supply-chain cve-scanning vulnerability-detection security-audit software-composition-analysisowasp-aasvs - OWASP Annotated Application Verfication Standard
This repository aims to host the versioned and authoritative source data for the OWASP ASVS project. In order to build on top of this data a strict and normalized format was required ( unlike say storing everything in MarkDown or HTML) as it's much easier to remove strictness then to add it. There are many data serialization formats, those with broad support include: XML, CSV and YAML.
owasp aasvs security auditing
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
