#Owasp
Showing 60 of 193 repositories tagged #owasp, ranked by stars
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
A collection of hacking / penetration testing resources to make you better!
In-depth attack surface mapping and asset discovery
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
A list of web application security
A curated list of resources for learning about application security
Next generation web scanner
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground ๐
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
Open-Source Unified Vulnerability Management, DevSecOps & ASPM
AI Agent Governance Toolkit โ Policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering for autonomous AI agents. Covers 10/10 OWASP Agentic Top 10.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
๐ ๐ Awesome list about all kinds of resources for learning Ethical Hacking and Penetration Testing.
OWASP CRS (Official Repository)
Awesome Node.js Security resources
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Automated Security Testing For REST API's
Full-stack .Net 10 Clean Architecture (Microservices, Modular Monolith, Monolith), Blazor, Angular 22, React 19, Vue 3.5, BFF with YARP, NextJs 16, Domain-Driven Design, CQRS, SOLID, Asp.Net Core Identity Custom Storage, OpenID Connect, EF Core, OpenTelemetry, SignalR, Background Services, Health Checks, Rate Limiting, Clouds (Azure, AWS, GCP), ...
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
OWASP Web Application Security Testing Checklist
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.
An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
Industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
Vulnerable app with examples showing how to not use secrets
Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.
vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
AI-powered offensive security agent with 7,300+ actionable security skills. Autonomous pentesting powered by MITRE ATT&CK (2,000+ Atomic tests), CIS Benchmarks (1,500+ controls), OWASP, NIST. Lazy-loading, zero context pollution. Your AI red team.
A Huge Learning Resources with Labs For Offensive Security Players
vacuum is the worlds fastest and most versatile OpenAPI, AsyncAPI & JSON Schema linter, docs generator and toolkit. It tears through API specs at light speed. 100% compatible with Spectral rulesets, and OpenAPI 3.0, 3.1 and 3.2
The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server
secureCodeBox (SCB) - continuous secure delivery out of the box
Vulnerability Patterns Detector for C# and VB.NET
๐ก Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.
JavaSecLab is a comprehensive Java vulnerability platform๏ฝโ JavaSecLabๆฏไธๆฌพ็ปผๅๅJavaๆผๆดๅนณๅฐ๏ผๆไพ็ธๅ ณๆผๆด็ผบ้ทไปฃ็ ใไฟฎๅคไปฃ็ ใๆผๆดๅบๆฏใๅฎก่ฎกSINK็นใๅฎๅ จ็ผ็ ่ง่๏ผ่ฆ็ๅค็งๆผๆดๅบๆฏ๏ผๅๅฅฝ็จๆทไบคไบUIโฆโฆ
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Caddy WAF (Regex Rules, IP and DNS filtering, Rate Limiting, GeoIP, Tor, Anomaly Detection)
๐A Curated List Of Modern Android Exploitation Conference Talks
Damn Vulnerable NodeJS Application
CLI security scanner built for the agentic era. Detects CI/CD misconfigs, agent permission risks, MCP tool injection, hardcoded secrets, and DMCA-flagged AI dependencies.
Integrates Dependency-Check reports into SonarQube
Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking
OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
A collection of higher-level reusable cdk constructs
Fast, developer-friendly JS/TS dependency vulnerability scanner with local lockfile scanning, OSV matching, direct vs transitive visibility, --fix, JSON output, and practical remediation guidance.
OWASP Foundation Web Respository
VULNRฮPO - Free vulnerability report generator and repository, end-to-end encrypted! Templates of issues, CWE,CVE,MITRE ATT&CK,PCI DSS, import Nmap/Nessus/Burp/OpenVAS/Bugcrowd/Trivy, Jira export, TXT/JSON/MARKDOWN/HTML/DOCX, attachments, automatic changelog, stats, vulnerability management, bugbounty, local ai/llm, super fast pentest reporting!
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
ๅฎๆ SRC / ไผๆต / Bug bounty ๆผๆดๆๆ Claude Code skill โ 19 ไธชๆปๅป็ฑป playbookใ305 ไธช็ปๆๅ payloadใ263 ไธช WAF/EDR ็ป่ฟใ2887 ไปฝ HackerOne ็ๅฎๆกไพใ88,636 WooYun ๆกไพ็ป่ฎก
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX