Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Projects in Awesome Lists tagged with appsec
A curated list of projects in awesome lists tagged with appsec.
https://github.com/owasp/cheatsheetseries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
application-security appsec best-practices cheatsheets code owasp security
Last synced: 28 Oct 2024
https://github.com/OWASP/CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
application-security appsec best-practices cheatsheets code owasp security
Last synced: 24 Oct 2024
https://github.com/zaproxy/zaproxy
The ZAP by Checkmarx Core project
appsec dast hacktoberfest security security-scanner zap zap-development zaproxy
Last synced: 16 Dec 2024
https://github.com/chaitin/safeline
Serves as a reverse proxy to protect your web services from attacks and exploits.
api-gateway application-security appsec blueteam bruteforce captcha cve cybersecurity firewall hackers http-flood security self-hosted sql-injection vulnerability waf web-application-firewall web-security websecurity xss
Last synced: 16 Dec 2024
https://github.com/chaitin/SafeLine
Serves as a reverse proxy to protect your web services from attacks and exploits.
api-gateway application-security appsec blueteam bruteforce captcha cve cybersecurity firewall hackers http-flood security self-hosted sql-injection vulnerability waf web-application-firewall web-security websecurity xss
Last synced: 29 Oct 2024
https://github.com/maurosoria/dirsearch
Web path scanner
appsec brute bug-bounty bugbounty dirsearch enumeration fuzzer fuzzing hacking hacking-tool infosec penetration-testing pentest-tool pentesting python red-teaming redteam scanner security wordlist
Last synced: 16 Dec 2024
https://github.com/juice-shop/juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
24pullrequests application-security appsec ctf hacking hacktoberfest javascript owasp owasp-top-10 owasp-top-ten pentesting security vulnapp vulnerable
Last synced: 16 Dec 2024
https://bkimminich.github.io/juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
24pullrequests application-security appsec ctf hacking hacktoberfest javascript owasp owasp-top-10 owasp-top-ten pentesting security vulnapp vulnerable
Last synced: 27 Oct 2024
https://github.com/OWASP/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
application-security appsec best-practices bugbounty guide hacking hacktoberfest owasp penetration-testing pentesting security
Last synced: 01 Nov 2024
https://github.com/owasp/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
application-security appsec best-practices bugbounty guide hacking hacktoberfest owasp penetration-testing pentesting security
Last synced: 04 Dec 2024
https://github.com/urbanadventurer/whatweb
Next generation web scanner
application-security appsec hacking hacking-tools kali-linux network-security owasp penetration-test penetration-testing penetration-testing-tools pentest pentesting pentesting-tools recon ruby scanner security security-tools web web-hacking
Last synced: 17 Dec 2024
https://github.com/urbanadventurer/WhatWeb
Next generation web scanner
application-security appsec hacking hacking-tools kali-linux network-security owasp penetration-test penetration-testing penetration-testing-tools pentest pentesting pentesting-tools recon ruby scanner security security-tools web web-hacking
Last synced: 26 Oct 2024
https://github.com/infobyte/faraday
Open Source Vulnerability Management Platform
appsec burpsuite collaboration continuous-scanning cve cybersecurity devops devsecops infosec nessus nmap orchestration penetration-testing pentesting security security-audit security-automation vulnerability vulnerability-management vulnerability-scanners
Last synced: 16 Dec 2024
https://github.com/andresriancho/w3af
w3af: web application attack and audit framework, the open source web vulnerability scanner.
appsec cross-site-scripting scanner security sql-injection
Last synced: 19 Dec 2024
https://github.com/microsoft/security-101
8 Lessons, Kick-start Your Cybersecurity Learning.
appsec cia-triad data-protection data-security iam identity risk-management secops security threat-modeling zero-trust
Last synced: 17 Dec 2024
https://github.com/jassics/security-study-plan
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
api-security application-security appsec appsec-tutorials aws-security azure-security cybersecurity cybersecurity-education devsecops-university gcp-security infosec pentesting security-testing study-guide study-plan study-planner
Last synced: 05 Dec 2024
https://github.com/microsoft/Security-101
8 Lessons, Kick-start Your Cybersecurity Learning.
appsec cia-triad data-protection data-security iam identity risk-management secops security threat-modeling zero-trust
Last synced: 20 Nov 2024
https://github.com/DefectDojo/django-DefectDojo
DevSecOps, ASPM, Vulnerability Management. All on one platform.
analytics appsec automation devsecops django hacktoberfest kubernetes owasp python security security-automation security-orchestration vulnerability-correlation vulnerability-databases vulnerability-management
Last synced: 02 Nov 2024
https://github.com/defectdojo/django-defectdojo
DevSecOps, ASPM, Vulnerability Management. All on one platform.
analytics appsec automation devsecops django hacktoberfest kubernetes owasp python security security-automation security-orchestration vulnerability-correlation vulnerability-databases vulnerability-management
Last synced: 17 Dec 2024
https://github.com/foospidy/payloads
Git All the Payloads! A collection of web attack payloads.
appsec cybersecurity hacking passwords payload payloads pentest sqli web-attack-payloads xss
Last synced: 19 Dec 2024
https://github.com/openziti/ziti
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
appsec golang mesh netsec network networking overlay overlay-network secure-networking vpn vpn-2 zero-trust zero-trust-cloud zero-trust-network zero-trust-network-access zero-trust-security zerotrust ztaa ztha ztna
Last synced: 17 Dec 2024
https://github.com/dependencytrack/dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
appsec bill-of-materials bom component-analysis cyclonedx devsecops hacktoberfest nvd ossindex owasp package-url purl sbom sca security security-automation software-composition-analysis software-security vulnerabilities vulnerability-detection
Last synced: 18 Dec 2024
https://github.com/DependencyTrack/dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
appsec bill-of-materials bom component-analysis cyclonedx devsecops hacktoberfest nvd ossindex owasp package-url purl sbom sca security security-automation software-composition-analysis software-security vulnerabilities vulnerability-detection
Last synced: 01 Nov 2024
https://github.com/checkmarx/kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
appsec cloudnative devsecops golang hacktoberfest iac infrastructure-as-code open-policy-agent security security-tools vulnerability-detection vulnerability-scanners
Last synced: 24 Oct 2024
https://github.com/Checkmarx/kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
appsec cloudnative devsecops golang hacktoberfest iac infrastructure-as-code open-policy-agent security security-tools vulnerability-detection vulnerability-scanners
Last synced: 25 Oct 2024
https://github.com/bearer/bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
appsec code-quality compliance dataflow devsecops devsecops-tools gdpr owasp privacy sast security security-audit security-automation security-scanner security-tools static-analysis static-code-analysis vulnerabilities vulnerability
Last synced: 24 Oct 2024
https://github.com/Bearer/bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
appsec code-quality compliance dataflow devsecops devsecops-tools gdpr owasp privacy sast security security-audit security-automation security-scanner security-tools static-analysis static-code-analysis vulnerabilities vulnerability
Last synced: 02 Nov 2024
https://github.com/summitt/Nope-Proxy
TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
appsec appsecurity burp-extensions burp-plugin burpsuite burpsuite-extender hacking mitmproxy pentesting protobuf proxy tcp tcpproxy udp updproxy websockets
Last synced: 19 Nov 2024
https://github.com/webpwnized/mutillidae
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
10 application appsec cybersecurity owasp owasp-top-10 penetration-testing security top training web
Last synced: 19 Dec 2024
https://github.com/roottusk/vapi
vAPI is a Vulnerable Adversely Programmed Interface, a self-hostable API that mimics OWASP API Top 10 scenarios through exercises.
api apitop10 appsec appsec-tutorials bugbounty cors docker exercises hacktoberfest hacktoberfest-accepted owasp owasp-top-10 owasp-top-ten php postman vulnerable-application
Last synced: 21 Dec 2024
https://github.com/httpvoid/writeups
appsec security security-vulnerability
Last synced: 05 Dec 2024
https://github.com/owasp/www-community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
appsec community-project owasp
Last synced: 04 Dec 2024
https://github.com/Soluto/kamus
An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications
appsec devops gitops kms kubernetes kubernetes-secrets soluto-open-source
Last synced: 01 Nov 2024
https://github.com/ayoubfathi/leaky-paths
A collection of special paths linked to common sensitive APIs, devops internals, framework configuration, known misconfigurations, juicy APIs, etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick wins.
appsec axiom bugbounty dirbuster dirsearch ffuf fuzzing hacktoberfest meg nuclei penetration-testing pentest recon redteam redteaming security security-tools subfinder wayback-machine wordlist
Last synced: 21 Nov 2024
https://github.com/openappsec/openappsec
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
api-security application-security appsec devsecops kong kubernetes nginx nginx-proxy-manager owasp owasp-top-ten rate-limiting security-tools threat-prevention waf web-application-firewall
Last synced: 06 Nov 2024
https://github.com/owasp/railsgoat
A vulnerable version of Rails that follows the OWASP Top 10
appsec owasp-top rails ruby ruby-on-rails security vulnerabilities
Last synced: 19 Dec 2024
https://github.com/OWASP/railsgoat
A vulnerable version of Rails that follows the OWASP Top 10
appsec owasp-top rails ruby ruby-on-rails security vulnerabilities
Last synced: 27 Oct 2024
https://github.com/numirias/security
Some of my security stuff and vulnerabilities. Nothing advanced. More to come.
Last synced: 16 Nov 2024
https://github.com/owasp/owasp-vwad
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
appsec owasp vulnerable vulnerable-web-app vulnerable-web-application
Last synced: 03 Nov 2024
https://github.com/OWASP/OWASP-VWAD
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
appsec owasp vulnerable vulnerable-web-app vulnerable-web-application
Last synced: 10 Nov 2024
https://github.com/zaproxy/zap-extensions
ZAP Add-ons
appsec dast hacktoberfest security security-scanner zap zaproxy
Last synced: 03 Nov 2024
https://github.com/ShiftLeftSecurity/sast-scan
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependencies. CI and Git friendly.
appsec dependency-scan devsecops license-scan sast scanners workflow
Last synced: 06 Nov 2024
https://github.com/anof-cyber/application-security
Resources for Application Security including Web, API, Android, iOS and Thick Client
android application-security appsec bugbounty cybersecurity hacking infosec penetration-testing penetration-testing-notes pentesting security security-testing
Last synced: 21 Dec 2024
https://github.com/datadog/dd-trace-go
Datadog Go Library including APM tracing, profiling, and security monitoring.
apm appsec datadog distributed-tracing monitoring opentelemetry opentracing otel performance profiling tracing
Last synced: 16 Dec 2024
https://github.com/DataDog/dd-trace-go
Datadog Go Library including APM tracing, profiling, and security monitoring.
apm appsec datadog distributed-tracing monitoring opentelemetry opentracing otel performance profiling tracing
Last synced: 31 Oct 2024
https://github.com/Anof-cyber/Application-Security
Resources for Application Security including Web, API, Android, iOS and Thick Client
android application-security appsec bugbounty cybersecurity hacking infosec penetration-testing penetration-testing-notes pentesting security security-testing
Last synced: 29 Oct 2024
https://github.com/security-prince/Application-Security-Engineer-Interview-Questions
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but I felt these questions were important to be asked and some were challenging to answer.
application-security appsec devsecops infosec interview-questions sdlc security-engineer-interview security-engineering security-team vulnerability webappsec websec websecurity websecurity-reference xss
Last synced: 08 Nov 2024
https://github.com/mobsf/mobsfscan
mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.
android appsec codereview ios java kotlin mobile-sast objective-c sast security static-analysis swift
Last synced: 21 Dec 2024
https://github.com/oversecured/ovaa
Oversecured Vulnerable Android App
android-security appsec mobile-security vulnerable-android-apps vulnerable-application
Last synced: 06 Nov 2024
https://github.com/MattKeeley/Spoofy
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
application-security appsec cybersecurity deliverability dmarc email-security emails infosec penetration-testing penetration-testing-tools pentesting phishing python python3 redteam security spf
Last synced: 04 Nov 2024
https://github.com/dependency-check/dependency-check-sonar-plugin
Integrates Dependency-Check reports into SonarQube
appsec component-analysis nvd owasp security software-security sonar-plugin sonarqube visibility vulnerabilities vulnerable-components
Last synced: 19 Nov 2024
https://github.com/TheHackerDev/race-the-web
Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
appsec devops-tools infosec race-conditions security security-tools
Last synced: 03 Nov 2024
https://github.com/blacklanternsecurity/badsecrets
A library for detecting known secrets across many web frameworks
appsec asp-net cryptography django express-js flask javaserver-faces jwt peoplesoft python rails secrets security symfony telerik-ui
Last synced: 12 Dec 2024
https://github.com/Privado-Inc/privado
Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.
android-privacy-tools appsec compliance devprivops devsecops gdpr gdpr-compliant hacktoberfest play-store-data-safety privacy-by-design privacy-engineering privacy-labels privacy-policy static-analysis
Last synced: 01 Nov 2024
https://github.com/payloadbox/rfi-lfi-payload-list
🎯 RFI/LFI Payload List
application-security appsec bug-bounty bugbounty lfi lfi-exploitation lfi-vulnerability payload payload-list payloads rfi rfi-exploiton rfi-vulnerabillity security security-research security-researcher security-researchers web-application-security web-hacking websecurity
Last synced: 15 Nov 2024
https://github.com/datadog/dd-trace-php
Datadog PHP Clients
apm appsec asm datadog open-telemetry opentracing php profiling tracing
Last synced: 17 Dec 2024
https://github.com/TupleType/awesome-cicd-attacks
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
appsec awesome awesome-list bugbounty cicd cybersecurity devesecops hacking infosec offensive-security penetration-testing research tools
Last synced: 26 Sep 2024
https://github.com/OWASP/threat-model-cookbook
This project is about creating and publishing threat model examples.
appsec threat-model threat-modeling threat-modelling threat-models
Last synced: 09 Nov 2024
https://github.com/ajinabraham/njsscan
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
appsec codereview codescanner devsecops expressjs jslint lint linter njsscan nodejs nodejsscan nodesecurity python sast security security-tools semantic static-analysis static-analyzer staticanalysis
Last synced: 19 Dec 2024
https://github.com/talsec/Free-RASP-Community
SDK providing app protection and threat monitoring for mobile devices, available for Flutter, Cordova, Android and iOS.
app-shielding application-security appsec attack-detection cloning flutter-rasp flutter-security fraud-detection freerasp frida-detection hooking rasp rasp-library repackaging-detection reverse-engineering security-hardening security-tools shadow-detection tampering-detection
Last synced: 04 Nov 2024
https://github.com/talsec/free-rasp-community
SDK providing app protection and threat monitoring for mobile devices, available for Flutter, Cordova, Android and iOS.
app-shielding application-security appsec attack-detection cloning flutter-rasp flutter-security fraud-detection freerasp frida-detection hooking rasp rasp-library repackaging-detection reverse-engineering security-hardening security-tools shadow-detection tampering-detection
Last synced: 11 Nov 2024
https://github.com/volkandindar/agartha
A Burp extension that helps identify injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violations, while also converting HTTP requests to JavaScript for enhanced XSS exploitation.
application-security appsec burp-extensions burpsuite cybersecurity hacking hacking-tool offensivesecurity offsec penetration-testing pentesting
Last synced: 18 Nov 2024
https://github.com/JohnTroony/Blisqy
Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).
appsec blind-sql-injection blisqy database-security exploitation john-ombagi sql sql-injection sql-payloads
Last synced: 21 Nov 2024
https://github.com/m14r41/PentestingEverything
Penetration Testing For - Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting, etc...
active-directory-security api-pentesting application-security appsec docker-security forensic-analysis infrastucture iot-security-testing mobile-pentesting network-security source-code thick-client wifi-hacking
Last synced: 25 Nov 2024
https://github.com/sasanlabs/vulnerableapp
OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
appsec burpsuite css hacktoberfest java javascript learn-security owasp owasp-zap payload-testing practice-hacking spring-boot test-vulnerability-scanning-tools vulnerability vulnerability-scanning vulnerable-application
Last synced: 20 Dec 2024
https://github.com/SasanLabs/VulnerableApp
OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
appsec burpsuite css hacktoberfest java javascript learn-security owasp owasp-zap payload-testing practice-hacking spring-boot test-vulnerability-scanning-tools vulnerability vulnerability-scanning vulnerable-application
Last synced: 21 Nov 2024
https://github.com/mercedes-benz/sechub
SecHub provides a central API to test software with different security tools.
api appsec build client continuous-integration dast k8s orchestration rest sast sdlc secdevops sechub security security-automation security-scanner security-testing security-tools server vulnerability-scanners
Last synced: 21 Dec 2024
https://github.com/albuch/sbt-dependency-check
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs).
appsec cve devops devsecops infosec nvd owasp owasp-dependencycheck sbt sbt-plugin scala security security-audit security-automation software-composition-analysis software-security static-analysis vulnerabilities vulnerability-scanners
Last synced: 21 Nov 2024
https://github.com/ispras/casr
Collect crash (or UndefinedBehaviorSanitizer error) reports, triage, and estimate severity.
afl aflplusplus apport appsec coredump crash crash-reporting devsecops dynamic-analysis exploitable fuzzing gdb libfuzzer rust sdl security ssdlc testing triage vulnerability-management
Last synced: 18 Dec 2024
https://github.com/dschadow/JavaSecurity
Java web and command line applications demonstrating various security topics
appsec cryptography csp csrf esapi google-tink java java-security java-web owasp security security-topics spring spring-boot spring-security xss
Last synced: 12 Dec 2024
https://github.com/iamthefrogy/nerdbug
Full Nuclei automation script with logic explanation.
application-security appsec automation bugbounty bugbounty-bot bugbountytips nuclei nuclei-templates security-tools
Last synced: 21 Nov 2024
https://github.com/stevespringett/nist-data-mirror
A simple Java command-line utility to mirror the CVE JSON data from NIST.
appsec cpe cve java nist nvd sca software-composition-analysis software-security
Last synced: 11 Nov 2024
https://github.com/tprynn/web-methodology
Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
application-security appsec documentation security security-testing web web-application web-application-security
Last synced: 21 Nov 2024
https://github.com/enemy-submarine/pidrila
Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
appsec bug-bounty dirbuster hacking netstalking penetration-testing pentest pentesting python scanner scanner-web security
Last synced: 31 Oct 2024
https://github.com/aeria-org/aeria
A CRUD engine for MongoDB with a Prisma-like schema definition language
aeria appsec bun deno javascript low-code mongodb node odm orm prisma rapid-development strong-typed typescript
Last synced: 21 Dec 2024
https://github.com/juxhindb/oob-server
A Bind9 server for pentesters to use for Out-of-Band vulnerabilities
Last synced: 19 Dec 2024
https://github.com/softrams/bulwark
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
angular application-security appsec blue-team bugbounty express nodejs penetration-testing-tools pentesting red-team security-tool security-tools typeorm typescript vulnerability-assessment vulnerability-management vulnerability-report vulnerability-research webappsec
Last synced: 21 Nov 2024
https://github.com/doyensec/session-hijacking-visual-exploitation
Session Hijacking Visual Exploitation
appsec session-hijacking xss xss-exploitation
Last synced: 11 Nov 2024
https://github.com/skiptomyliu/solutions-bwapp
In progress rough solutions to bWAPP / bee-box
appsec bwapp csrf directory-traversal html-injection sql-injection xpath-injection xss
Last synced: 05 Dec 2024
https://github.com/klarna-incubator/gram
Gram is Klarna's own threat model diagramming tool
appsec cybersecurity infosec threat-modeling
Last synced: 19 Dec 2024
https://github.com/a0xnirudh/kurukshetra
Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.
appsec infosec php secure-coding security
Last synced: 18 Nov 2024
https://github.com/Rezilion/mi-x
Determine whether your compute is truly vulnerable to a specific vulnerability by accounting for all factors which affect *actual* exploitability (runtime execution, configuration, permissions, existence of a mitigation, OS, etc.)
appsec security vulnerability-assessment vulnerability-validation
Last synced: 14 Nov 2024
https://github.com/andresriancho/websocket-fuzzer
HTML5 WebSocket message fuzzer
appsec fuzzing html5 websocket
Last synced: 14 Nov 2024
https://github.com/security-prince/resources-for-application-security
Some good resources for getting started with application security
application-security appsec appsec-tutorials ctf infosec infosec-reference owasp php-security security-engineering web-hacking websec websecurity websecurity-reference
Last synced: 18 Nov 2024
https://github.com/jenkinsci/dependency-check-plugin
Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).
appsec component-analysis devops jenkins-plugin nvd owasp owasp-dependencycheck security software-security visibility vulnerabilities
Last synced: 21 Dec 2024
https://github.com/ajinabraham/libsast
Generic SAST Library
appsec codeanalysis genericsast libsast patternmatch regex sast security semanticgrep semgrep static-analyzer staticanalysis
Last synced: 21 Dec 2024
https://github.com/omar2535/GraphQLer
🔍A dependency-aware GraphQL API fuzzing tool
api api-testing-framework appsec automated-testing cybersecurity graphql pentesting
Last synced: 26 Sep 2024
https://github.com/gosecure/template-injection-workshop
Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and FreeMarker engines.
appsec codelabs freemarker injection jinja2 template tornado twig velocity vulnerable-web-app
Last synced: 05 Nov 2024
https://github.com/ManuelBerrueta/FlowAnalyzer
FlowAnalyzer is a tool to help in testing and analyzing OAuth 2.0 Flows, including OpenID Connect (OIDC).
appsec identity oauth oauth2 oidc openid openid-connect redteam security security-tools
Last synced: 04 Nov 2024
https://github.com/Anof-cyber/Pentest-Mapper
A Burp Suite Extension for pentesters and bug bounty hunters to maintain checklists, map flows, write test cases and track vulnerabilities
appsec bugbounty burp burp-extensions burp-plugin burpsuite burpsuite-extender burpsuite-tools infosec pentesting
Last synced: 18 Nov 2024
https://github.com/anof-cyber/pentest-mapper
A Burp Suite Extension for pentesters and bug bounty hunters to maintain checklists, map flows, write test cases and track vulnerabilities
appsec bugbounty burp burp-extensions burp-plugin burpsuite burpsuite-extender burpsuite-tools infosec pentesting
Last synced: 06 Nov 2024
https://github.com/faloker/purify
All-in-one tool for managing vulnerability reports from AppSec pipelines
appsec devsecops infosec nestjs secops security security-audit security-automation security-tools vuetify vulnerability-assessment vulnerability-management vulnerability-scanners
Last synced: 21 Nov 2024
https://github.com/rishuranjanofficial/JWTweak
Detects the algorithm of the input JWT token and provides options to generate a new JWT token based on the user-selected algorithm.
application-security appsec authentication authorization automation bugbounty jwt jwt-algorithm jwt-algorithm-confusion-attack jwt-tokens pentesting python security-enthusiasts vulnerability-assessment
Last synced: 21 Nov 2024