Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with application-security

A curated list of projects in awesome lists tagged with application-security.

https://github.com/OWASP/CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

application-security appsec best-practices cheatsheets code owasp security

Last synced: 29 Jul 2024

https://github.com/owasp/cheatsheetseries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

application-security appsec best-practices cheatsheets code owasp security

Last synced: 29 Sep 2024

https://bkimminich.github.io/juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

24pullrequests application-security appsec ctf hacking hacktoberfest javascript owasp owasp-top-10 owasp-top-ten pentesting security vulnapp vulnerable

Last synced: 31 Jul 2024

https://github.com/bkimminich/juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

24pullrequests application-security appsec ctf hacking hacktoberfest javascript owasp owasp-top-10 owasp-top-ten pentesting security vulnapp vulnerable

Last synced: 04 Aug 2024

https://github.com/juice-shop/juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

24pullrequests application-security appsec ctf hacking hacktoberfest javascript owasp owasp-top-10 owasp-top-ten pentesting security vulnapp vulnerable

Last synced: 25 Sep 2024

https://github.com/owasp/wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

application-security appsec best-practices bugbounty guide hacking hacktoberfest owasp penetration-testing pentesting security

Last synced: 30 Sep 2024

https://github.com/OWASP/wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

application-security appsec best-practices bugbounty guide hacking hacktoberfest owasp penetration-testing pentesting security

Last synced: 01 Aug 2024

https://github.com/jassics/security-study-plan

Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

api-security application-security appsec appsec-tutorials aws-security azure-security cybersecurity cybersecurity-education devsecops-university gcp-security infosec pentesting security-testing study-guide study-plan study-planner

Last synced: 01 Oct 2024

https://github.com/s4n7h0/xvwa

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

application-security knowledge learning-appsec mysql php vulnerability xvwa

Last synced: 26 Sep 2024

https://github.com/harsh-bothra/learn365

This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.

application-security bugbounty bugbountytips community infosec learning pentesting pentesting-tools vulnerabilities

Last synced: 30 Sep 2024

https://github.com/Janusec/janusec

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc.

acme application-gateway application-security cookie-banner cookie-compliance gateway golang gslb janusec janusec-application-gateway k8s-ingress-controller load-balance port-forwarding security sql-injection waf web-application-firewall web-application-security web-ssh

Last synced: 01 Aug 2024

https://github.com/janusec/janusec

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc.

acme application-gateway application-security cookie-banner cookie-compliance gateway golang gslb janusec janusec-application-gateway k8s-ingress-controller load-balance port-forwarding security sql-injection waf web-application-firewall web-application-security web-ssh

Last synced: 26 Sep 2024

https://github.com/sh4hin/androl4b

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

android application-security malware-analyzer mobile-security penetration-testing reverse-engineering

Last synced: 30 Sep 2024

https://github.com/sh4hin/Androl4b

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

android application-security malware-analyzer mobile-security penetration-testing reverse-engineering

Last synced: 15 Aug 2024

https://github.com/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

application-security aws-security azure-security free opensource penetration-testing pentesting

Last synced: 31 Jul 2024

https://github.com/quitten/autorize

Automatic authorization enforcement detection extension for Burp Suite, written in Jython and developed by Barak Tawily to ease the work of application security people and allow them to perform automatic authorization tests

application-security authorization authorization-enforcement burp-plugin burpsuite jython

Last synced: 01 Aug 2024

https://github.com/Quitten/Autorize

Automatic authorization enforcement detection extension for Burp Suite, written in Jython and developed by Barak Tawily to ease the work of application security people and allow them to perform automatic authorization tests

application-security authorization authorization-enforcement burp-plugin burpsuite jython

Last synced: 01 Aug 2024

https://github.com/openappsec/openappsec

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.

api-security application-security appsec devsecops kong kubernetes nginx nginx-proxy-manager owasp owasp-top-ten rate-limiting security-tools threat-prevention waf web-application-firewall

Last synced: 01 Aug 2024

https://github.com/rewanthtammana/Damn-Vulnerable-Bank

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

android android-security application-security damn-vulnerable-bank hacking hacktoberfest infosec pentesting security vulnerable-android-apps vulnerable-application

Last synced: 01 Aug 2024

https://github.com/security-prince/Application-Security-Engineer-Interview-Questions

Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but I felt these questions were important to be asked and some were challenging to answer

application-security appsec devsecops infosec interview-questions sdlc security-engineer-interview security-engineering security-team vulnerability webappsec websec websecurity websecurity-reference xss

Last synced: 01 Aug 2024

https://github.com/paragonie/airship

Secure Content Management for the Modern Web - "The sky is only the beginning"

application-security cms cms-airship content-management free-software libsodium php postgresql secure secure-by-default security

Last synced: 09 Aug 2024

https://github.com/SmileZXLee/ZXHookDetection

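[iOS application security, attack and defense] Basic protection against and detection of hooking and jailbreaking (dynamic library injection detection, hook detection and protection, jailbreak detection, signature verification, and a demo of analyzing an encrypted protocol by decompiling with IDA); [Data transmission security] A brief discussion of HTTP, HTTPS and data encryption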

application-security defend detection hook ios-security

Last synced: 04 Aug 2024

https://github.com/lukefalsina/grab-n-run

Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

android-application android-development application-security dynamic java signature-verification

Last synced: 01 Oct 2024

https://github.com/volkandindar/agartha

A Burp extension that generates dynamic payloads to uncover injection flaws (LFI, RCE, SQLi), creates user access tables to identify authentication and authorization issues, attempts to bypass HTTP 403 access restrictions, and converts HTTP requests to JavaScript code for enhanced XSS exploitation.

application-security appsec burp-extensions burpsuite cybersecurity hacking hacking-tool offensivesecurity offsec penetration-testing pentesting

Last synced: 04 Aug 2024

https://github.com/we45/ThreatPlaybook

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

application-security dast devsecops python sast threat-model

Last synced: 01 Aug 2024

https://github.com/jassics/security-interview-questions

Security interview questions with possible explanation for roles in AppSec, Pentesting, Cloud Security, DevSecOps, Network Security and so on

application-security cloud-security cybersecurity devsecops devsecops-interview-quesitons interview-preparation interview-questions security-interview-questions security-questions web-security-interview

Last synced: 04 Aug 2024

https://github.com/abhi-r3v0/EVABS

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

android-app android-application-vulnerabilities android-ctf android-labs android-pentest android-security application-security ctf-challenges ctf-platform mobile-app mobile-ctf mobile-pentest mobile-security pentesting vulnerable

Last synced: 02 Aug 2024

https://github.com/tprynn/web-methodology

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

application-security appsec documentation security security-testing web web-application web-application-security

Last synced: 04 Aug 2024

https://github.com/simioni87/auth_analyzer

Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.

application-security auth authorization burp-extensions burp-plugin burpsuite pentest-tool portswigger

Last synced: 04 Aug 2024

https://github.com/brcyrr/CyberSecurityRoadmapSuggestions

This repository contains a list of roadmaps I created with my suggestions on LinkedIn and Twitter.🤞🏻😌

application-security certification cybersecurity devsecops infosec pentesting roadmap

Last synced: 01 Aug 2024

https://github.com/yevh/VulnPlanet

Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)

android api application-security appsec-tutorials appsecurity bugbounty code codesecurity cve ios owasp owasp-top-10 pentesting poc security vulnerabilities vulnerability waf web2 web3

Last synced: 07 Sep 2024

https://github.com/moeinfatehi/Backup-Finder

A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)

application-security appsecurity backupfinder burp burp-extensions burpsuite burpsuite-extender data-leakage owasp owasp-top-10 owasp-top-ten penetration-testing pentesting portswigger sensitive-data-exposure

Last synced: 04 Aug 2024

https://github.com/m14r41/PentestingEverything

Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...

active-directory-security api-pentesting application-security appsec docker-security forensic-analysis infrastucture iot-security-testing mobile-pentesting network-security source-code thick-client wifi-hacking

Last synced: 06 Aug 2024

https://github.com/pbnj/infosec-interview-questions

🗒️ A [work-in-progress] collection for interview questions for Information Security roles

application-security blue-team information-security infosec interview questions red-team

Last synced: 03 Aug 2024

https://github.com/rishuranjanofficial/JWTweak

Detects the algorithm of the input JWT token and provides options to generate a new JWT token based on the user-selected algorithm.

application-security appsec authentication authorization automation bugbounty jwt jwt-algorithm jwt-algorithm-confusion-attack jwt-tokens pentesting python security-enthusiasts vulnerability-assessment

Last synced: 04 Aug 2024

https://github.com/Keramas/mssqli-duet

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

active-directory application-security burp-extensions burp-plugin mssql penetration-testing sql-injection user-enumeration windows

Last synced: 01 Aug 2024

https://github.com/keramas/mssqli-duet

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

active-directory application-security burp-extensions burp-plugin mssql penetration-testing sql-injection user-enumeration windows

Last synced: 28 Sep 2024

https://github.com/appsecco/VyAPI

VyAPI - A cloud based vulnerable hybrid Android App

application-security aws-cognito mobile-security vulnerable-app

Last synced: 04 Aug 2024

https://github.com/Treblle/security-headers

A collection of HTTP middleware classes to improve the security headers in your Laravel application

application-security backend classes collection http laravel laravel-package middleware php security-headers

Last synced: 01 Aug 2024

https://github.com/appsecco/using-docker-kubernetes-for-automating-appsec-and-osint-workflows

Repository for all the workshop content delivered at nullcon X on 1st of March 2019

application-security docker kubernetes kubernetes-cluster minio nats osint zap

Last synced: 04 Aug 2024

https://github.com/nikhil1232/Bucket-Flaws

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

application-security aws-s3 bucket bug-bounty bugbounty s3 s3-bucket s3-buckets security-misconfiguration wapt

Last synced: 04 Aug 2024

https://github.com/rusakovichma/TicTaaC

Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. Sugar-Free and Secure: no external dependencies except for chart plotting are used

application-security appsec devsecops secure-development threat threat-model threat-modeling threat-modeling-from-code threat-modeling-tool threat-models

Last synced: 04 Aug 2024

https://github.com/foospidy/fuzzcat

Rudimentary network protocol fuzzer using bash, netcat, and other tools.

application-security bash fuzzer fuzzing netcat network-security

Last synced: 03 Aug 2024

https://github.com/krishpranav/apk-hunter

Android Application Vulnerability Analysis And Android Pentest Tool Built In Ruby

android application application-security ruby security

Last synced: 01 Oct 2024

https://github.com/ableinc/polysecrets-js

A completely randomized order of secrets; built with security in mind.

application-security cryptography javascript js jwt nodejs npm npm-package polysecrets secrets secrets-management security

Last synced: 02 Oct 2024