#Application-security
Showing 60 of 82 repositories tagged #application-security, ranked by stars
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
A curated list of resources for learning about application security
Next generation web scanner
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
Security automation content in SCAP, Bash, Ansible, and other formats
A curated list of awesome Android Reverse Engineering training, resources, and tools.
Metlo is an open-source API security platform.
Curating the best DevSecOps resources and tooling.
Industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关,提供安全的接入,包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。
A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
Awesome PHP Security Resources 🕶🐘🔐
Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!
Open-Source Security Architecture | 开源安全架构
🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)
A deliberately vulnerable banking application designed for practicing Security Testing of Web App, APIs, AI integrated App and secure code reviews. Features common vulnerabilities found in real-world applications, making it an ideal platform for security professionals, developers, and enthusiasts to learn pentesting and secure coding practices.
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
MCP server for JADX-AI Plugin
Resources for Application Security including Web, API, Android, iOS and Thick Client
This repository contains a curated list of resources I suggest on LinkedIn and Twitter.📝🌝
A curated list of awesome iOS application security resources.
Pen Test Report Generation and Assessment Collaboration
A list of cheat sheets for application security
Tool to export Juice Shop challenges and hints in data format compatible with CTFd, RootTheBox or FBCTF
Security interview questions with possible explanation for roles in AppSec, Pentesting, Cloud Security, DevSecOps, Network Security and so on
Web application vulnerability scanner
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Skills and career roadmap for various security roles like application security, cloud security, DevSecOps, security engineer, security researchers, pentesting, api security, network security, mobile security and so on with helpful resources, guidelines
Secure Content Management for the Modern Web - "The sky is only the beginning"
A Burp Suite extension for identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violations. It supports dynamic payload generation, including BCheck syntax, and can automatically generate Bambdas scripts. Additionally, it offers "Copy as JavaScript" to convert HTTP requests for enhanced XSS testing.
Fast Advanced Spam Analysis Tool
Web Application Security Testing Tools
Put malicious users, IP addresses and anonymous browser fingerprints under surveillance, log the URLs they visit and block malicious ones from accessing the Laravel app.
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
Burp Suite extension to decrypt/encrypt any encrypted traffic (AES/RSA/Encodings and more) with custom code in any language
This repository contains a list of roadmaps I created with my suggestions on LinkedIn and Twitter.🤞🏻😌
OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development
Vulnerable Banking Suite
AI-native code security auditor on AgentField that proves exploitability with verdicts, traces, and actionable evidence.
Open-source cybersecurity analysis agent for Claude Code. Scans projects for vulnerabilities across all OWASP 2025 Top 10 and CWE Top 25 categories. 11 security domains, 60+ secret patterns, parallel subagent analysis, professional report generation. Built by tododeia.com
Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)
A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)
Here you will find various Azure Demos & Tutorials that I've put together for Azure Cloud using DevOps, Container Services and other PaaS offerings.
Some good resources for getting started with application security
This repository contains cheatsheets and payloads compiled from completing the labs at PortSwigger Academy.
Static Code Analysis for security teams with Inter file taint analysis. Built for finding vulnerabilities, advanced structural search, derive insights and supports MCP
A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)
this repository is a docker containing some "XSS vulnerability" challenges and bypass examples.
API discovery tool that maps attack surfaces from captured traffic and generates specs for REST, GraphQL, SOAP, and WebSocket APIs
Vulnerable Client-Server Application (VuCSA) is made for learning how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface) and contains multiple challenges including SQL injection, RCE, XML vulnerabilities and more.
Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.
Схема карьерных треков в кибербезопасности
Tool for breaking into web applications.
SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing