#Owasp-top-10
Showing 45 of 45 repositories tagged #owasp-top-10, ranked by stars
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure
vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
A Huge Learning Resources with Labs For Offensive Security Players
A laboratory for learning secure web and mobile development in a practical manner.
Damn Vulnerable NodeJS Application
Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking
Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)
API Security Vulnerability Scanner designed to help you secure your APIs.
Bypass 4xx HTTP response status codes and more. The tool is based on Python Requests, PycURL, and HTTP Client.
IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.
OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner.
A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)
Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)
A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)
this repository is a docker containing some "XSS vulnerability" challenges and bypass examples.
phpMyAdmin XSS
AspGoat is an intentionally vulnerable ASP.NET Core application for learning and practicing web application security.
Automated API security testing
Non-official write up for the Juice-Shop CTF
OWASP Citizen Development Top 10
A Deliberately Insecure Web Application
VS Code extension that streamlines development workflows through AI-powered task execution, intelligent file management, and automated code generation. Built on Cline, it integrates with various LLMs to enhance productivity and code quality while simplifying complex development tasks.
Vulnerable API for research and education
This repository is a dockerized PHP application containing some file upload vulnerability challenges (scenarios).
Welcome SecToolkit repository! This is a comprehensive collection of cybersecurity and bug bounty hunting topics. Here, you'll find a variety of resources, notes, and practical projects aimed at enhancing knowledge and skills in identifying and mitigating security vulnerabilities.
My notes from courses,books ..etc
SQL Injection Payloads List.
Secure GitHub actions with 1 line of code
Kevlar Benchmark: OWASP Top 10 for Agentic Apps (AI-Agents) 2026 a Red Team Benchmark
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security enthusiasts.
This repository contains writeups for Damn Vulnerable Web Application (DVWA). --------------------------------- Updated writeups and blogs are at: https://github.com/Aftab700/aftab700.github.io
RayScan 1.0 — 开箱即用的 Web 漏洞扫描器 | SQL注入 / XSS / 命令注入 / LFI / SSRF / XXE / RCE / API安全 | 11个检测模块 | CLI + Web UI 双模式 | Metasploitable 2 实战验证发现83漏洞
Securing LLM's Against Top 10 OWASP Large Language Model Vulnerabilities 2024
All Type Of Tools written in multipule language .
🔒 Intentionally vulnerable ASP.NET Core app for hands-on web security & penetration testing practice
A reinforced version of the Wavsep evaluation platform.
App with Server Side Template Injection (SSTI) vulnerability - possible RCE - in Flask. Free vulnerable app for ethical hacking / penetration testing training.
This repository documents my hands on experience and assignments during the Columbia University Cybersecurity Program. It includes home labs related to network security, penetration testing, and defensive security
My cyber security notes.
🐞 Understand how cross-site scripting occurs, how to detect and exploit XSS vulnerabilities, giving you control of other visitor's browsers.
Authorized web application security testing platform built with Django, React, Celery, and Redis.
AI Cyber Range – OWASP Top 10 for LLMs is a cutting-edge AI Penetration Testing Lab engineered to simulate real-world LLM vulnerabilities in a safe, automated, Docker-powered environment.