Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Projects in Awesome Lists tagged with application-security
A curated list of projects in awesome lists tagged with application-security.
https://github.com/OWASP/CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
application-security appsec best-practices cheatsheets code owasp security
Last synced: 29 Jul 2024
https://github.com/owasp/cheatsheetseries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
application-security appsec best-practices cheatsheets code owasp security
Last synced: 29 Sep 2024
https://bkimminich.github.io/juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
24pullrequests application-security appsec ctf hacking hacktoberfest javascript owasp owasp-top-10 owasp-top-ten pentesting security vulnapp vulnerable
Last synced: 31 Jul 2024
https://github.com/bkimminich/juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
24pullrequests application-security appsec ctf hacking hacktoberfest javascript owasp owasp-top-10 owasp-top-ten pentesting security vulnapp vulnerable
Last synced: 04 Aug 2024
https://github.com/juice-shop/juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
24pullrequests application-security appsec ctf hacking hacktoberfest javascript owasp owasp-top-10 owasp-top-ten pentesting security vulnapp vulnerable
Last synced: 25 Sep 2024
https://github.com/owasp/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
application-security appsec best-practices bugbounty guide hacking hacktoberfest owasp penetration-testing pentesting security
Last synced: 30 Sep 2024
https://github.com/OWASP/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
application-security appsec best-practices bugbounty guide hacking hacktoberfest owasp penetration-testing pentesting security
Last synced: 01 Aug 2024
https://github.com/urbanadventurer/whatweb
Next generation web scanner
application-security appsec hacking hacking-tools kali-linux network-security owasp penetration-test penetration-testing penetration-testing-tools pentest pentesting pentesting-tools recon ruby scanner security security-tools web web-hacking
Last synced: 26 Sep 2024
https://github.com/urbanadventurer/WhatWeb
Next generation web scanner
application-security appsec hacking hacking-tools kali-linux network-security owasp penetration-test penetration-testing penetration-testing-tools pentest pentesting pentesting-tools recon ruby scanner security security-tools web web-hacking
Last synced: 30 Jul 2024
https://github.com/jassics/security-study-plan
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
api-security application-security appsec appsec-tutorials aws-security azure-security cybersecurity cybersecurity-education devsecops-university gcp-security infosec pentesting security-testing study-guide study-plan study-planner
Last synced: 01 Oct 2024
https://github.com/payloadbox/command-injection-payload-list
🎯 Command Injection Payload List
application application-security bugbounty command command-injection injection linux macos os os-injection payload payload-list security security-research security-testing security-vulnerability unix vulnerability vulnerability-research windows
Last synced: 30 Sep 2024
https://github.com/ComplianceAsCode/content
Security automation content in SCAP, Bash, Ansible, and other formats
ansible application-security cce compliance cpe cybersecurity hardening information-security ospp oval pci-dss scap security security-automation security-hardening security-profile security-tools stig usgcb xccdf
Last synced: 01 Aug 2024
https://github.com/complianceascode/content
Security automation content in SCAP, Bash, Ansible, and other formats
ansible application-security cce compliance cpe cybersecurity hardening information-security ospp oval pci-dss scap security security-automation security-hardening security-profile security-tools stig usgcb xccdf
Last synced: 30 Sep 2024
https://github.com/s4n7h0/xvwa
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
application-security knowledge learning-appsec mysql php vulnerability xvwa
Last synced: 26 Sep 2024
https://github.com/metlo-labs/metlo
Metlo is an open-source API security platform.
api-gateway api-pentest api-security application-security aws bugbounty bugbounty-tools cybersecurity infosec infosectools metlo monitoring pentest security vulnerabilities vulnerability-detection
Last synced: 30 Sep 2024
https://github.com/harsh-bothra/learn365
This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.
application-security bugbounty bugbountytips community infosec learning pentesting pentesting-tools vulnerabilities
Last synced: 30 Sep 2024
https://github.com/Janusec/janusec
JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc.
acme application-gateway application-security cookie-banner cookie-compliance gateway golang gslb janusec janusec-application-gateway k8s-ingress-controller load-balance port-forwarding security sql-injection waf web-application-firewall web-application-security web-ssh
Last synced: 01 Aug 2024
https://github.com/janusec/janusec
JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc.
acme application-gateway application-security cookie-banner cookie-compliance gateway golang gslb janusec janusec-application-gateway k8s-ingress-controller load-balance port-forwarding security sql-injection waf web-application-firewall web-application-security web-ssh
Last synced: 26 Sep 2024
https://github.com/sh4hin/androl4b
A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
android application-security malware-analyzer mobile-security penetration-testing reverse-engineering
Last synced: 30 Sep 2024
https://github.com/sh4hin/Androl4b
A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
android application-security malware-analyzer mobile-security penetration-testing reverse-engineering
Last synced: 15 Aug 2024
https://github.com/bloodzer0/ossa
Open-Source Security Architecture
application-security business-security code-audit ids ips security security-audit security-scanner security-tools security-vulnerability vulnerabilities vulnerability-scanners
Last synced: 04 Aug 2024
https://github.com/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training
Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands-on training!
application-security aws-security azure-security free opensource penetration-testing pentesting
Last synced: 31 Jul 2024
https://github.com/quitten/autorize
Automatic authorization enforcement detection extension for Burp Suite, written in Jython and developed by Barak Tawily, to ease the work of application security people and allow them to perform automatic authorization tests
application-security authorization authorization-enforcement burp-plugin burpsuite jython
Last synced: 01 Aug 2024
https://github.com/Quitten/Autorize
Automatic authorization enforcement detection extension for Burp Suite, written in Jython and developed by Barak Tawily, to ease the work of application security people and allow them to perform automatic authorization tests
application-security authorization authorization-enforcement burp-plugin burpsuite jython
Last synced: 01 Aug 2024
https://github.com/openappsec/openappsec
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Applications & APIs. This repo includes the main code and logic.
api-security application-security appsec devsecops kong kubernetes nginx nginx-proxy-manager owasp owasp-top-ten rate-limiting security-tools threat-prevention waf web-application-firewall
Last synced: 01 Aug 2024
https://github.com/olacabs/jackhammer
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
application-security dynamic-analysis mobile-security network-security penetration-testing penetration-testing-framework security security-scanner security-vulnerability-assessment source-code-analysis static-code-analysis vulnerability-assessment vulnerability-management vulnerability-scanners vulnerability-scanning webappsec wordpress-security
Last synced: 31 Jul 2024
https://github.com/Anof-cyber/Application-Security
Resources for Application Security including Web, API, Android, iOS and Thick Client
android application-security appsec bugbounty cybersecurity hacking infosec penetration-testing penetration-testing-notes pentesting security security-testing
Last synced: 31 Jul 2024
https://github.com/rewanthtammana/Damn-Vulnerable-Bank
Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
android android-security application-security damn-vulnerable-bank hacking hacktoberfest infosec pentesting security vulnerable-android-apps vulnerable-application
Last synced: 01 Aug 2024
https://github.com/security-prince/Application-Security-Engineer-Interview-Questions
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list, but I felt these questions were important to be asked and some were challenging to answer
application-security appsec devsecops infosec interview-questions sdlc security-engineer-interview security-engineering security-team vulnerability webappsec websec websecurity websecurity-reference xss
Last synced: 01 Aug 2024
https://github.com/MattKeeley/Spoofy
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
application-security appsec cybersecurity deliverability dmarc email-security emails infosec penetration-testing penetration-testing-tools pentesting phishing python python3 redteam security spf
Last synced: 01 Aug 2024
https://github.com/enkomio/Taipan
Web application vulnerability scanner
application-security hacking hacking-tool security security-audit security-automation security-scanner security-testing security-tools taipan web web-application web-sec-scanner web-security web-security-research
Last synced: 01 Aug 2024
https://github.com/paragonie/airship
Secure Content Management for the Modern Web - "The sky is only the beginning"
application-security cms cms-airship content-management free-software libsodium php postgresql secure secure-by-default security
Last synced: 09 Aug 2024
https://github.com/SmileZXLee/ZXHookDetection
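[iOS application security, attack and defense] Basic protection against and detection of hooking and jailbreaks (dynamic library injection detection, hook detection and protection, jailbreak detection, signature verification, demo of analyzing an encryption protocol through IDA decompilation); [Data transmission security] A brief discussion of HTTP, HTTPS and data encryption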
application-security defend detection hook ios-security
Last synced: 04 Aug 2024
https://github.com/lukefalsina/grab-n-run
Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.
android-application android-development application-security dynamic java signature-verification
Last synced: 01 Oct 2024
https://github.com/flipkart-incubator/watchdog
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
application-security bugbounty cve-databases cve-search network-security penetration-testing-framework pentest-tool product-security security security-testing security-tools security-vulnerability vulnerability-assessment vulnerability-management
Last synced: 31 Jul 2024
https://github.com/volkandindar/agartha
A Burp extension that generates dynamic payloads to uncover injection flaws (LFI, RCE, SQLi), creates user access tables to identify authentication and authorization issues, attempts to bypass HTTP 403 access restrictions, and converts HTTP requests to JavaScript code for enhanced XSS exploitation.
application-security appsec burp-extensions burpsuite cybersecurity hacking hacking-tool offensivesecurity offsec penetration-testing pentesting
Last synced: 04 Aug 2024
https://github.com/talsec/Free-RASP-Community
SDK providing app protection and threat monitoring for mobile devices, available for Flutter, Cordova, Android and iOS.
app-shielding application-security appsec attack-detection cloning flutter-rasp flutter-security fraud-detection freerasp frida-detection hooking rasp rasp-library repackaging-detection reverse-engineering security-hardening security-tools shadow-detection tampering-detection
Last synced: 01 Aug 2024
https://github.com/SpamScope/spamscope
Fast Advanced Spam Analysis Tool
ansible ansible-playbook apache-storm application-security dialect docker docker-image mail-analyzer outlook python security smtp spam-analyzer spamscope streamparse
Last synced: 02 Aug 2024
https://github.com/we45/ThreatPlaybook
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
application-security dast devsecops python sast threat-model
Last synced: 01 Aug 2024
https://github.com/jassics/security-interview-questions
Security interview questions with possible explanation for roles in AppSec, Pentesting, Cloud Security, DevSecOps, Network Security and so on
application-security cloud-security cybersecurity devsecops devsecops-interview-quesitons interview-preparation interview-questions security-interview-questions security-questions web-security-interview
Last synced: 04 Aug 2024
https://github.com/Karmaz95/crimson
Web Application Security Testing Tools
application-security penetration-testing pentesting-tools vulnerability-scanners
Last synced: 03 Aug 2024
https://github.com/abhi-r3v0/EVABS
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
android-app android-application-vulnerabilities android-ctf android-labs android-pentest android-security application-security ctf-challenges ctf-platform mobile-app mobile-ctf mobile-pentest mobile-security pentesting vulnerable
Last synced: 02 Aug 2024
https://github.com/iamthefrogy/nerdbug
Full Nuclei automation script with logic explanation.
application-security appsec automation bugbounty bugbounty-bot bugbountytips nuclei nuclei-templates security-tools
Last synced: 04 Aug 2024
https://github.com/tprynn/web-methodology
Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
application-security appsec documentation security security-testing web web-application web-application-security
Last synced: 04 Aug 2024
https://github.com/softrams/bulwark
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
angular application-security appsec blue-team bugbounty express nodejs penetration-testing-tools pentesting red-team security-tool security-tools typeorm typescript vulnerability-assessment vulnerability-management vulnerability-report vulnerability-research webappsec
Last synced: 04 Aug 2024
https://github.com/Anof-cyber/PyCript
Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty
application-security bug-bounty bugbounty burp-extensions burp-plugin burpsuite burpsuite-extender cybersecurity encryption infosec penetration-testing pentesting python security
Last synced: 04 Aug 2024
https://github.com/simioni87/auth_analyzer
Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.
application-security auth authorization burp-extensions burp-plugin burpsuite pentest-tool portswigger
Last synced: 04 Aug 2024
https://github.com/brcyrr/CyberSecurityRoadmapSuggestions
This repository contains a list of roadmaps I created with my suggestions on LinkedIn and Twitter.🤞🏻😌
application-security certification cybersecurity devsecops infosec pentesting roadmap
Last synced: 01 Aug 2024
https://github.com/yevh/VulnPlanet
Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)
android api application-security appsec-tutorials appsecurity bugbounty code codesecurity cve ios owasp owasp-top-10 pentesting poc security vulnerabilities vulnerability waf web2 web3
Last synced: 07 Sep 2024
https://github.com/moeinfatehi/Backup-Finder
A Burp Suite extension that reviews backup, old, temporary and unreferenced files on a web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)
application-security appsecurity backupfinder burp burp-extensions burpsuite burpsuite-extender data-leakage owasp owasp-top-10 owasp-top-ten penetration-testing pentesting portswigger sensitive-data-exposure
Last synced: 04 Aug 2024
https://github.com/lucideus-repo/UnSAFE_Bank
Vulnerable Banking Suite
application-security cybersecurity ethical-hacking hacking learn learning-by-doing mobile-security security-testing security-vulnerability vulnerability-assessment vulnerable-android-apps vulnerable-applications vulnerable-ios-apps vulnerable-web-app vulnerable-webserver whitehat
Last synced: 04 Aug 2024
https://github.com/m14r41/PentestingEverything
Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...
active-directory-security api-pentesting application-security appsec docker-security forensic-analysis infrastucture iot-security-testing mobile-pentesting network-security source-code thick-client wifi-hacking
Last synced: 06 Aug 2024
https://github.com/pbnj/infosec-interview-questions
🗒️ A [work-in-progress] collection of interview questions for Information Security roles
application-security blue-team information-security infosec interview questions red-team
Last synced: 03 Aug 2024
https://github.com/security-prince/resources-for-application-security
Some good resources for getting started with application security
application-security appsec appsec-tutorials ctf infosec infosec-reference owasp php-security security-engineering web-hacking websec websecurity websecurity-reference
Last synced: 03 Aug 2024
https://github.com/moeinfatehi/Admin-Panel_Finder
A Burp Suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)
admin-dashboard-finder admin-finder admin-login-finder admin-login-scanner admin-page-finder admin-panel-finder adminpanelfinder application-security burp-extensions burpsuite burpsuite-extender data-leakage find-admin okadminfinder owasp owasp-top-10 owasp-top-ten penetration-testing sensitive-data-exposure sensitive-data-leakage
Last synced: 02 Aug 2024
https://github.com/purpleteam-labs/purpleteam
CLI component of OWASP PurpleTeam
application-security build-tool ci cli cloud-security devsecops devsecops-pipeline hacktoberfest purpleteam security-regression-testing security-testing web-security
Last synced: 01 Aug 2024
https://github.com/rishuranjanofficial/JWTweak
Detects the algorithm of an input JWT token and provides options to generate a new JWT token based on the user-selected algorithm.
application-security appsec authentication authorization automation bugbounty jwt jwt-algorithm jwt-algorithm-confusion-attack jwt-tokens pentesting python security-enthusiasts vulnerability-assessment
Last synced: 04 Aug 2024
https://github.com/Keramas/mssqli-duet
SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing
active-directory application-security burp-extensions burp-plugin mssql penetration-testing sql-injection user-enumeration windows
Last synced: 01 Aug 2024
https://github.com/keramas/mssqli-duet
SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing
active-directory application-security burp-extensions burp-plugin mssql penetration-testing sql-injection user-enumeration windows
Last synced: 28 Sep 2024
https://github.com/appsecco/VyAPI
VyAPI - A cloud based vulnerable hybrid Android App
application-security aws-cognito mobile-security vulnerable-app
Last synced: 04 Aug 2024
https://github.com/Treblle/security-headers
A collection of HTTP middleware classes to improve the security headers in your Laravel application
application-security backend classes collection http laravel laravel-package middleware php security-headers
Last synced: 01 Aug 2024
https://github.com/appsecco/using-docker-kubernetes-for-automating-appsec-and-osint-workflows
Repository for all the workshop content delivered at nullcon X on 1st of March 2019
application-security docker kubernetes kubernetes-cluster minio nats osint zap
Last synced: 04 Aug 2024
https://github.com/s4dhulabs/vimana-framework
Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.
application-security devsecops django-application django-security django-template-language django-templates experimental flask-security hacking hacking-framework hacking-tool hackingtools information-security python-security python3-application secops security-framework
Last synced: 27 Sep 2024
https://github.com/nikhil1232/Bucket-Flaws
Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
application-security aws-s3 bucket bug-bounty bugbounty s3 s3-bucket s3-buckets security-misconfiguration wapt
Last synced: 04 Aug 2024
https://github.com/rusakovichma/TicTaaC
Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. Sugar-Free and Secure: no external dependencies are used except for chart plotting
application-security appsec devsecops secure-development threat threat-model threat-modeling threat-modeling-from-code threat-modeling-tool threat-models
Last synced: 04 Aug 2024
https://github.com/foospidy/fuzzcat
Rudimentary network protocol fuzzer using bash, netcat, and other tools.
application-security bash fuzzer fuzzing netcat network-security
Last synced: 03 Aug 2024
https://github.com/krishpranav/apk-hunter
Android Application Vulnerability Analysis And Android Pentest Tool Built In Ruby
android application application-security ruby security
Last synced: 01 Oct 2024
https://github.com/ableinc/polysecrets
A completely randomized order of secrets; built with security in mind.
application-security cryptography encryption jwt jwt-token password password-generator polysecrets secrets security security-tools server-security signing signing-certificates
Last synced: 02 Oct 2024
https://github.com/kaoudis/advisories
Security advisories
advisories application-security appsec security security-research
Last synced: 01 Oct 2024
https://github.com/ableinc/polysecrets-js
A completely randomized order of secrets; built with security in mind.
application-security cryptography javascript js jwt nodejs npm npm-package polysecrets secrets secrets-management security
Last synced: 02 Oct 2024