#Application-security

Showing 60 of 82 repositories tagged #application-security, ranked by stars

OWASP
OWASP
CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Score
100
★ 32.5k ⑂ 4.5k +5/day
Python
chaitin
chaitin
SafeLine

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

Score
0
★ 21.7k ⑂ 1.4k +40/day
Go
juice-shop
juice-shop
juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Score
100
★ 13.5k ⑂ 18.6k +3/day
TypeScript
OWASP
OWASP
wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Score
98
★ 9.6k ⑂ 1.6k +16/day
paragonie
paragonie
awesome-appsec

A curated list of resources for learning about application security

Score
88
★ 7.0k ⑂ 797 +7/day
PHP
urbanadventurer
urbanadventurer
WhatWeb

Next generation web scanner

Score
97
★ 6.7k ⑂ 999 +14/day
Ruby
jassics
jassics
security-study-plan

Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

Score
95
★ 5.0k ⑂ 628 +3/day
ComplianceAsCode
ComplianceAsCode
content

Security automation content in SCAP, Bash, Ansible, and other formats

Score
93
★ 2.8k ⑂ 813
Shell
user1342
user1342
Awesome-Android-Reverse-Engineering

A curated list of awesome Android Reverse Engineering training, resources, and tools.

Score
100
★ 2.4k ⑂ 262 +10/day
metlo-labs
metlo-labs
metlo

Metlo is an open-source API security platform.

Score
77
★ 1.8k ⑂ 105
TypeScript
jakob-pennington
jakob-pennington
awesome-devsecops

Curating the best DevSecOps resources and tooling.

Score
50
★ 1.7k ⑂ 243 +4/day
Safe3
Safe3
uusec-waf

Industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.

Score
92
★ 1.7k ⑂ 168 +2/day
Shell
openappsec
openappsec
openappsec

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

Score
100
★ 1.6k ⑂ 127 +3/day
C++
Janusec
Janusec
janusec

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关,提供安全的接入,包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。

Score
78
★ 1.2k ⑂ 268
Go
sh4hin
sh4hin
Androl4b

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

Score
73
★ 1.2k ⑂ 265 +1/day
guardrailsio
guardrailsio
awesome-php-security

Awesome PHP Security Resources 🕶🐘🔐

Score
65
★ 1.0k ⑂ 98
appsecco
appsecco
breaking-and-pwning-apps-and-servers-aws-azure-training

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Score
68
★ 952 ⑂ 255
CSS
bloodzer0
bloodzer0
ossa

Open-Source Security Architecture | 开源安全架构

Score
67
★ 942 ⑂ 217
wallarm
wallarm
awesome-nginx-security

🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)

Score
58
★ 783 ⑂ 75 +2/day
Commando-X
Commando-X
vuln-bank

A deliberately vulnerable banking application designed for practicing Security Testing of Web App, APIs, AI integrated App and secure code reviews. Features common vulnerabilities found in real-world applications, making it an ideal platform for security professionals, developers, and enthusiasts to learn pentesting and secure coding practices.

Score
90
★ 779 ⑂ 289 +6/day
HTML
MattKeeley
MattKeeley
Spoofy

Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

Score
50
★ 768 ⑂ 82
Python
rewanthtammana
rewanthtammana
Damn-Vulnerable-Bank

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

Score
80
★ 752 ⑂ 238
Java
olacabs
olacabs
jackhammer

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Score
62
★ 741 ⑂ 164
Java
zinja-coder
zinja-coder
jadx-mcp-server

MCP server for JADX-AI Plugin

Score
100
★ 691 ⑂ 113
Python
Anof-cyber
Anof-cyber
Application-Security

Resources for Application Security including Web, API, Android, iOS and Thick Client

Score
40
★ 686 ⑂ 62
brcyrr
brcyrr
PracticalCyberSecurityResources

This repository contains a curated list of resources I suggest on LinkedIn and Twitter.📝🌝

Score
57
★ 665 ⑂ 100
Cy-clon3
Cy-clon3
awesome-ios-security

A curated list of awesome iOS application security resources.

Score
60
★ 662 ⑂ 80
factionsecurity
factionsecurity
faction

Pen Test Report Generation and Assessment Collaboration

Score
87
★ 595 ⑂ 63
Java
0xn3va
0xn3va
cheat-sheets

A list of cheat sheets for application security

Score
20
★ 515 ⑂ 61
juice-shop
juice-shop
juice-shop-ctf

Tool to export Juice Shop challenges and hints in data format compatible with CTFd, RootTheBox or FBCTF

Score
83
★ 473 ⑂ 138
TypeScript
jassics
jassics
security-interview-questions

Security interview questions with possible explanation for roles in AppSec, Pentesting, Cloud Security, DevSecOps, Network Security and so on

Score
85
★ 468 ⑂ 94
enkomio
enkomio
Taipan

Web application vulnerability scanner

Score
47
★ 463 ⑂ 91
flipkart-incubator
flipkart-incubator
watchdog

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Score
45
★ 430 ⑂ 102
Python
jassics
jassics
cybersecurity-roadmap

Skills and career roadmap for various security roles like application security, cloud security, DevSecOps, security engineer, security researchers, pentesting, api security, network security, mobile security and so on with helpful resources, guidelines

Score
80
★ 427 ⑂ 59 +2/day
paragonie
paragonie
airship

Secure Content Management for the Modern Web - "The sky is only the beginning"

Score
43
★ 414 ⑂ 37
PHP
volkandindar
volkandindar
agartha

A Burp Suite extension for identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violations. It supports dynamic payload generation, including BCheck syntax, and can automatically generate Bambdas scripts. Additionally, it offers "Copy as JavaScript" to convert HTTP requests for enhanced XSS testing.

Score
82
★ 400 ⑂ 81
Python
SpamScope
SpamScope
spamscope

Fast Advanced Spam Analysis Tool

Score
25
★ 311 ⑂ 60
Python
Karmaz95
Karmaz95
crimson

Web Application Security Testing Tools

Score
38
★ 252 ⑂ 51
Python
neelkanthk
neelkanthk
laravel-surveillance

Put malicious users, IP addresses and anonymous browser fingerprints under surveillance, log the URLs they visit and block malicious ones from accessing the Laravel app.

Score
33
★ 227 ⑂ 17
PHP
abhi-r3v0
abhi-r3v0
EVABS

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

Score
0
★ 224 ⑂ 44
CMake
Anof-cyber
Anof-cyber
PyCript

Burp Suite extension to decrypt/encrypt any encrypted traffic (AES/RSA/Encodings and more) with custom code in any language

Score
70
★ 220 ⑂ 34
Java
brcyrr
brcyrr
CyberSecurityRoadmapSuggestions

This repository contains a list of roadmaps I created with my suggestions on LinkedIn and Twitter.🤞🏻😌

Score
35
★ 215 ⑂ 29
SecurityRAT
SecurityRAT
SecurityRAT

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

Score
0
★ 191 ⑂ 53
JavaScript
lucideus-repo
lucideus-repo
UnSAFE_Bank

Vulnerable Banking Suite

Score
55
★ 173 ⑂ 108 +1/day
PHP
Agent-Field
Agent-Field
sec-af

AI-native code security auditor on AgentField that proves exploitability with verdicts, traces, and actionable evidence.

Score
100
★ 170 ⑂ 37
Python
Hainrixz
Hainrixz
cyber-neo

Open-source cybersecurity analysis agent for Claude Code. Scans projects for vulnerabilities across all OWASP 2025 Top 10 and CWE Top 25 categories. 11 security domains, 60+ secret patterns, parallel subagent analysis, professional report generation. Built by tododeia.com

Score
72
★ 167 ⑂ 21 +2/day
Python
yevh
yevh
VulnPlanet

Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)

Score
0
★ 166 ⑂ 24
moeinfatehi
moeinfatehi
Backup-Finder

A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)

Score
28
★ 166 ⑂ 27 +1/day
Java
chtrembl
chtrembl
azure-cloud

Here you will find various Azure Demos & Tutorials that I've put together for Azure Cloud using DevOps, Container Services and other PaaS offerings.

Score
75
★ 150 ⑂ 328
Java
security-prince
security-prince
Resources-for-Application-Security

Some good resources for getting started with application security

Score
25
★ 149 ⑂ 22
ChrisM-X
ChrisM-X
PortSwigger-Academy-CheatSheets

This repository contains cheatsheets and payloads compiled from completing the labs at PortSwigger Academy.

Score
30
★ 140 ⑂ 54
Python
shivasurya
shivasurya
code-pathfinder

Static Code Analysis for security teams with Inter file taint analysis. Built for finding vulnerabilities, advanced structural search, derive insights and supports MCP

Score
75
★ 138 ⑂ 16
Go
moeinfatehi
moeinfatehi
Admin-Panel_Finder

A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)

Score
23
★ 122 ⑂ 21
Java
moeinfatehi
moeinfatehi
xss_vulnerability_challenges

this repository is a docker containing some "XSS vulnerability" challenges and bypass examples.

Score
20
★ 118 ⑂ 16
PHP
praetorian-inc
praetorian-inc
vespasian

API discovery tool that maps attack surfaces from captured traffic and generates specs for REST, GraphQL, SOAP, and WebSocket APIs

Score
63
★ 106 ⑂ 6
Go
Warxim
Warxim
vucsa

Vulnerable Client-Server Application (VuCSA) is made for learning how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface) and contains multiple challenges including SQL injection, RCE, XML vulnerabilities and more.

Score
22
★ 101 ⑂ 28
Java
rishuranjanofficial
rishuranjanofficial
JWTweak

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

Score
0
★ 100 ⑂ 19
Python
dm-fedorov
dm-fedorov
cybersecurity-roadmap

Схема карьерных треков в кибербезопасности

Score
32
★ 99 ⑂ 20
war-and-code
war-and-code
jawfish

Tool for breaking into web applications.

Score
18
★ 94 ⑂ 18
Python
Keramas
Keramas
mssqli-duet

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

Score
17
★ 91 ⑂ 18
Python
Related Topics
#security#pentesting#penetration-testing#owasp#cybersecurity#appsec#hacking#security-tools#infosec#devsecops#bugbounty#waf

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly