An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with application-security

A curated list of projects in awesome lists tagged with application-security.

https://github.com/OWASP/CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

application-security appsec best-practices cheatsheets code owasp security

Last synced: 12 Mar 2025

https://github.com/owasp/cheatsheetseries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

application-security appsec best-practices cheatsheets code owasp security

Last synced: 02 Mar 2026

https://github.com/chaitin/safeline

SafeLine is a self-hosted WAF (Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

api-gateway application-security appsec blueteam bruteforce captcha cve cybersecurity firewall hackers http-flood security self-hosted sql-injection vulnerability waf web-application-firewall web-security websecurity xss

Last synced: 14 May 2025

https://github.com/chaitin/SafeLine

SafeLine is a self-hosted WAF (Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

api-gateway application-security appsec blueteam bruteforce captcha cve cybersecurity firewall hackers http-flood security self-hosted sql-injection vulnerability waf web-application-firewall web-security websecurity xss

Last synced: 25 Mar 2025

https://github.com/juice-shop/juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

24pullrequests application-security appsec ctf hacking hacktoberfest javascript owasp owasp-top-10 owasp-top-ten pentesting security vulnapp vulnerable

Last synced: 13 May 2025

https://bkimminich.github.io/juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

24pullrequests application-security appsec ctf hacking hacktoberfest javascript owasp owasp-top-10 owasp-top-ten pentesting security vulnapp vulnerable

Last synced: 20 Mar 2025

https://github.com/owasp/wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

application-security appsec best-practices bugbounty guide hacking hacktoberfest owasp penetration-testing pentesting security

Last synced: 24 Feb 2026

https://github.com/OWASP/wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

application-security appsec best-practices bugbounty guide hacking hacktoberfest owasp penetration-testing pentesting security

Last synced: 30 Mar 2025

https://github.com/jassics/security-study-plan

Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

api-security application-security appsec appsec-tutorials aws-security azure-security cybersecurity cybersecurity-education devsecops-university gcp-security infosec pentesting security-testing study-guide study-plan study-planner

Last synced: 09 Feb 2026

https://github.com/s4n7h0/xvwa

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

application-security knowledge learning-appsec mysql php vulnerability xvwa

Last synced: 06 Apr 2025

https://github.com/harsh-bothra/learn365

This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.

application-security bugbounty bugbountytips community infosec learning pentesting pentesting-tools vulnerabilities

Last synced: 02 Feb 2026

https://github.com/janusec/janusec

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc.

acme application-gateway application-security cookie-banner cookie-compliance gateway golang gslb janusec janusec-application-gateway k8s-ingress-controller load-balance port-forwarding security sql-injection waf web-application-firewall web-application-security web-ssh

Last synced: 11 Jan 2026

https://github.com/Janusec/janusec

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc.

acme application-gateway application-security cookie-banner cookie-compliance gateway golang gslb janusec janusec-application-gateway k8s-ingress-controller load-balance port-forwarding security sql-injection waf web-application-firewall web-application-security web-ssh

Last synced: 30 Mar 2025

https://github.com/Janusec/Application-Gateway

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc.

acme application-gateway application-security cookie-banner cookie-compliance gateway golang gslb janusec janusec-application-gateway k8s-ingress-controller load-balance port-forwarding security sql-injection waf web-application-firewall web-application-security web-ssh

Last synced: 05 Apr 2025

https://github.com/openappsec/openappsec

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.

api-security application-security appsec devsecops kong kubernetes nginx nginx-proxy-manager owasp owasp-top-ten rate-limiting security-tools threat-prevention waf web-application-firewall

Last synced: 29 Dec 2025

https://github.com/sh4hin/androl4b

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

android application-security malware-analyzer mobile-security penetration-testing reverse-engineering

Last synced: 16 May 2025

https://github.com/safe3/uuwaf

An industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.

api-gateway api-security application-security data-mask ddos hips modsecurity nginx owasp rasp security sql-injection uusec uusec-waf uuwaf waap waf web-application-firewall web-security-gateway xss

Last synced: 18 Jun 2025

https://github.com/sh4hin/Androl4b

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

android application-security malware-analyzer mobile-security penetration-testing reverse-engineering

Last synced: 03 Aug 2025

https://github.com/quitten/autorize

Automatic authorization enforcement detection extension for Burp Suite, written in Jython, developed by Barak Tawily in order to ease application security people's work and allow them to perform automatic authorization tests

application-security authorization authorization-enforcement burp-plugin burpsuite jython

Last synced: 11 Jan 2026

https://github.com/Quitten/Autorize

Automatic authorization enforcement detection extension for Burp Suite, written in Jython, developed by Barak Tawily in order to ease application security people's work and allow them to perform automatic authorization tests

application-security authorization authorization-enforcement burp-plugin burpsuite jython

Last synced: 02 Apr 2025

https://github.com/PhonePe/mantis

Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.

application-security attack-surface-management bugbounty caasm hacktoberfest osint pentesting product-security recon security-tools

Last synced: 04 Sep 2025

https://github.com/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

application-security aws-security azure-security free opensource penetration-testing pentesting

Last synced: 23 Mar 2025

https://github.com/security-prince/Application-Security-Engineer-Interview-Questions

Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but I felt these questions were important to be asked and some were challenging to answer

application-security appsec devsecops infosec interview-questions sdlc security-engineer-interview security-engineering security-team vulnerability webappsec websec websecurity websecurity-reference xss

Last synced: 17 Apr 2025

https://github.com/rewanthtammana/Damn-Vulnerable-Bank

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

android android-security application-security damn-vulnerable-bank hacking hacktoberfest infosec pentesting security vulnerable-android-apps vulnerable-application

Last synced: 08 Apr 2025

https://github.com/SmileZXLee/ZXHookDetection

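[iOS application security, attack and defense] Basic protection against and detection of hooking and jailbreaking (dynamic library injection detection, hook detection and protection, jailbreak detection, signature verification, demo of analyzing an encrypted protocol with IDA decompilation); [Data transmission security] A brief discussion of HTTP, HTTPS and data encryption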

application-security defend detection hook ios-security

Last synced: 11 Jul 2025

https://github.com/paragonie/airship

Secure Content Management for the Modern Web - "The sky is only the beginning"

application-security cms cms-airship content-management free-software libsodium php postgresql secure secure-by-default security

Last synced: 22 Jul 2025

https://github.com/lukefalsina/grab-n-run

Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

android-application android-development application-security dynamic java signature-verification

Last synced: 07 Apr 2025

https://github.com/lukeFalsina/Grab-n-Run

Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

android-application android-development application-security dynamic java signature-verification

Last synced: 16 Nov 2025

https://github.com/juice-shop/juice-shop-ctf

Tool to export Juice Shop challenges and hints in data format compatible with CTFd, RootTheBox or FBCTF

24pullrequests application-security capture-the-flag ctf ctf-frameworks ctfd ctfd-database ctfd-setup facebook-ctf fbctf hacking hacktoberfest owasp owasp-juice-shop pentesting rootthebox rtb

Last synced: 08 Apr 2025

https://github.com/talsec/Free-RASP-Community

SDK providing app protection and threat monitoring for mobile devices. Works with Flutter, React Native, Android and iOS. Shield your app with free RASP. Detect reverse engineering, root (Magisk), jailbreak, Frida, emulators, bots, tampering and integrity issues, obfuscation, VPN usage, malware, and monitor device identification and fingerprint.

app-shielding application-security appsec attack-detection cloning flutter-rasp flutter-security fraud-detection freerasp frida-detection hooking rasp rasp-library repackaging-detection reverse-engineering security-hardening security-tools shadow-detection tampering-detection

Last synced: 03 Apr 2025

https://github.com/talsec/free-rasp-community

SDK providing app protection and threat monitoring for mobile devices. Works with Flutter, React Native, Android and iOS. Shield your app with free RASP. Detect reverse engineering, root (Magisk), jailbreak, Frida, emulators, bots, tampering and integrity issues, obfuscation, VPN usage, malware, and monitor device identification and fingerprint.

app-shielding application-security appsec attack-detection cloning flutter-rasp flutter-security fraud-detection freerasp frida-detection hooking rasp rasp-library repackaging-detection reverse-engineering security-hardening security-tools shadow-detection tampering-detection

Last synced: 30 Oct 2025

https://github.com/jassics/security-interview-questions

Security interview questions with possible explanation for roles in AppSec, Pentesting, Cloud Security, DevSecOps, Network Security and so on

application-security cloud-security cybersecurity devsecops devsecops-interview-quesitons interview-preparation interview-questions security-interview-questions security-questions web-security-interview

Last synced: 16 Feb 2026

https://github.com/volkandindar/agartha

A Burp extension that helps identify injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violations, while also converting HTTP requests to JavaScript for enhanced XSS exploitation.

application-security appsec burp-extensions burpsuite cybersecurity hacking hacking-tool offensivesecurity offsec penetration-testing pentesting

Last synced: 13 May 2025

https://github.com/jassics/cybersecurity-roadmap

Skills and career roadmap for various security roles like application security, cloud security, DevSecOps, security engineer, security researchers, pentesting, api security, network security, mobile security and so on with helpful resources, guidelines

application-security aws-security career-development career-guide career-plan career-roadmaps cloud-security cybersecurity-awareness cybersecurity-career-path devsecops interview-questions network-security security security-automation security-questions security-tools

Last synced: 26 Jan 2026

https://github.com/m14r41/PentestingEverything

Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...

active-directory-security api-pentesting application-security appsec docker-security forensic-analysis infrastucture iot-security-testing mobile-pentesting network-security source-code thick-client wifi-hacking

Last synced: 18 Jul 2025

https://github.com/gaprogman/owaspheaders.core

Inject OWASP recommended HTTP Headers for increased security in a single line

application-security aspnetcore http-header middleware nuget owasp security

Last synced: 14 May 2025

https://github.com/GaProgMan/OwaspHeaders.Core

Inject OWASP recommended HTTP Headers for increased security in a single line

application-security aspnetcore http-header middleware nuget owasp security

Last synced: 16 Mar 2025

https://github.com/we45/ThreatPlaybook

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

application-security dast devsecops python sast threat-model

Last synced: 01 Apr 2025

https://github.com/abhi-r3v0/EVABS

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

android-app android-application-vulnerabilities android-ctf android-labs android-pentest android-security application-security ctf-challenges ctf-platform mobile-app mobile-ctf mobile-pentest mobile-security pentesting vulnerable

Last synced: 29 Apr 2025

https://github.com/tprynn/web-methodology

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

application-security appsec documentation security security-testing web web-application web-application-security

Last synced: 13 Feb 2026

https://github.com/simioni87/auth_analyzer

Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.

application-security auth authorization burp-extensions burp-plugin burpsuite pentest-tool portswigger

Last synced: 13 May 2025

https://github.com/brcyrr/CyberSecurityRoadmapSuggestions

This repository contains a list of roadmaps I created with my suggestions on LinkedIn and Twitter.🤞🏻😌

application-security certification cybersecurity devsecops infosec pentesting roadmap

Last synced: 16 Apr 2025

https://github.com/moeinfatehi/Backup-Finder

A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)

application-security appsecurity backupfinder burp burp-extensions burpsuite burpsuite-extender data-leakage owasp owasp-top-10 owasp-top-ten penetration-testing pentesting portswigger sensitive-data-exposure

Last synced: 13 May 2025

https://github.com/yevh/vulnplanet

Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)

android api application-security appsec-tutorials appsecurity bugbounty code codesecurity cve ios owasp owasp-top-10 pentesting poc security vulnerabilities vulnerability waf web2 web3

Last synced: 02 Jul 2025

https://github.com/yevh/VulnPlanet

Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)

android api application-security appsec-tutorials appsecurity bugbounty code codesecurity cve ios owasp owasp-top-10 pentesting poc security vulnerabilities vulnerability waf web2 web3

Last synced: 04 Sep 2025

https://github.com/pbnj/infosec-interview-questions

🗒️ A [work-in-progress] collection for interview questions for Information Security roles

application-security blue-team information-security infosec interview questions red-team

Last synced: 18 Jan 2026

https://github.com/rishuranjanofficial/JWTweak

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

application-security appsec authentication authorization automation bugbounty jwt jwt-algorithm jwt-algorithm-confusion-attack jwt-tokens pentesting python security-enthusiasts vulnerability-assessment

Last synced: 11 Jul 2025

https://github.com/treblle/security-headers

A collection of HTTP middleware classes to improve the security headers in your Laravel application

application-security backend classes collection http laravel laravel-package middleware php security-headers

Last synced: 09 Apr 2025

https://github.com/Treblle/security-headers

A collection of HTTP middleware classes to improve the security headers in your Laravel application

application-security backend classes collection http laravel laravel-package middleware php security-headers

Last synced: 14 Apr 2025

https://github.com/keramas/mssqli-duet

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

active-directory application-security burp-extensions burp-plugin mssql penetration-testing sql-injection user-enumeration windows

Last synced: 19 Oct 2025

https://github.com/Keramas/mssqli-duet

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

active-directory application-security burp-extensions burp-plugin mssql penetration-testing sql-injection user-enumeration windows

Last synced: 02 Apr 2025

https://github.com/shivasurya/code-pathfinder

An open-source security suite aiming to combine structural code analysis with AI-powered vulnerability detection. Built for advanced structural search, derive insights, find vulnerabilities in code.

ai-agents ai-sast application-security code-scanning sast security security-tools static-analysis static-code-analysis structural-search

Last synced: 08 Feb 2026

https://github.com/Commando-X/vuln-bank

A deliberately vulnerable banking application designed for practicing secure code reviews and API security testing. Features common vulnerabilities found in real-world applications, making it an ideal platform for security professionals, developers, and enthusiasts to learn security testing and secure coding practices in a safe environment.

application-security devsecops penetration-testing secure-coding

Last synced: 09 Mar 2025

https://github.com/appsecco/VyAPI

VyAPI - A cloud based vulnerable hybrid Android App

application-security aws-cognito mobile-security vulnerable-app

Last synced: 11 Jul 2025

https://github.com/appsecco/using-docker-kubernetes-for-automating-appsec-and-osint-workflows

Repository for all the workshop content delivered at nullcon X on 1st of March 2019

application-security docker kubernetes kubernetes-cluster minio nats osint zap

Last synced: 11 Jul 2025

https://github.com/jaiswalakshansh/Vuldroid

Vuldroid is a Vulnerable Android Application made with security issues in order to demonstrate how they can occur in code

android-application android-security application-security deeplink vulnerable-application webview-xss

Last synced: 22 Apr 2025

https://github.com/dosx-dev/html-guard

Protect your web-application with Dynamic Style Loading and Real-Time Obfuscation. Easy to use!

application-security css drm easy-to-use framework guard html js module obfuscator protection react reactjs security static vuejs web website

Last synced: 07 May 2025

https://github.com/nikhil1232/Bucket-Flaws

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

application-security aws-s3 bucket bug-bounty bugbounty s3 s3-bucket s3-buckets security-misconfiguration wapt

Last synced: 12 Jul 2025

https://github.com/rusakovichma/TicTaaC

Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. Sugar-Free and Secure: no external dependencies except for chart plotting are used

application-security appsec devsecops secure-development threat threat-model threat-modeling threat-modeling-from-code threat-modeling-tool threat-models

Last synced: 13 May 2025

https://github.com/vs4vijay/scanmaster

A security tool designed to perform thorough scans on a target using OpenVAS, Zap, and Nexpose. It seamlessly consolidates and integrates the scan results, providing a comprehensive overview of the security vulnerabilities identified.

application-security cli nexpose openvas openvas-cli openvas-reports owasp owasp-top owasp-zap security-audit security-scanner security-testing security-tools security-vulnerability web-application-security zap

Last synced: 29 Apr 2025

https://github.com/paulveillard/cybersecurity-application-security

An ongoing & curated collection of awesome software practices and remediation, libraries and frameworks, payloads and techniques, best guidelines and technical resources about Application Security

application application-security appsec developer-security endpoint-security mdm-server mobilesecurity security-advisory security-hardening security-scanner security-testing security-tools security-vulnerability vulnerability-scanners web-security web-security-research

Last synced: 10 Apr 2025

https://github.com/rbidou/pyrasp

PyRASP is a Runtime Application Self Protection package for Python-based Web Servers (Flask, FastAPI and Django), Serverless Functions (AWS Lambda, Azure and Google Cloud Functions) and MCP Servers (FastMCP)

application-security aws-lambda azure-functions django fastapi fastmcp flask gcp-cloud-functions mcp mcp-servers rasp runtime-security security

Last synced: 14 Dec 2025

https://github.com/bkimminich/webappsec-nutshell

An ultra-compact intro (or refresher) to Web Application Security.

application-security owasp security security-awareness training-materials web-application-security

Last synced: 04 Sep 2025

https://github.com/jassics/cybersecurity-slides

Collection of my and others' presentations on various topics like application security, python, cloud security, DevSecOps and so on... These are free to use and publicly available slides. But, don't forget to give the credit to the owners!

application-security aws cybersecurity-awareness cybersecurity-training devsecops learning-materials learning-resources presentations security security-presentations security-slides slides threat-modeling web-security

Last synced: 27 Apr 2025