Topic: appsec Goto Github

👇 Here are 349 public repositories matching this topic...

ajinabraham / njsscan
appsec,njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
User: ajinabraham
Home Page: https://opensecurity.in
nodejs expressjs sast staticanalysis devsecops codescanner linter security security-tools semantic

albuch / sbt-dependency-check
appsec,SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:
User: albuch
sbt sbt-plugin owasp-dependencycheck cve scala vulnerabilities nvd appsec software-security security

andresriancho / w3af
appsec,w3af: web application attack and audit framework, the open source web vulnerability scanner.
User: andresriancho
Home Page: http://w3af.org/
scanner security appsec cross-site-scripting sql-injection

anof-cyber / application-security
appsec,Resources for Application Security including Web, API, Android, iOS and Thick Client
User: anof-cyber
android application-security appsec bugbounty cybersecurity hacking infosec penetration-testing penetration-testing-notes pentesting

ayoubfathi / leaky-paths
appsec,A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
User: ayoubfathi
fuzzing recon bugbounty pentest security security-tools nuclei dirsearch ffuf dirbuster

bearer / bearer
appsec,Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Organization: bearer
Home Page: https://docs.bearer.com
appsec compliance devsecops devsecops-tools security security-tools dataflow gdpr privacy sast

blacklanternsecurity / badsecrets
appsec,A library for detecting known secrets across many web frameworks
Organization: blacklanternsecurity
appsec cryptography secrets asp-net django flask javaserver-faces jwt peoplesoft rails

checkmarx / kics
appsec,Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Organization: checkmarx
Home Page: https://kics.io
iac infrastructure-as-code security appsec cloudnative hacktoberfest devsecops golang security-tools vulnerability-detection

cider-security-research / cicd-goat
appsec,A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
Organization: cider-security-research
appsec cicd devops infosec devsecops security jenkins ctf gitlab

datadog / dd-trace-go
appsec,Datadog Go Library including APM tracing, profiling, and security monitoring.
Organization: datadog
Home Page: https://docs.datadoghq.com/tracing/
tracing apm datadog opentracing appsec profiling distributed-tracing monitoring performance opentelemetry

datadog / dd-trace-php
appsec,Datadog PHP Clients
Organization: datadog
Home Page: https://docs.datadoghq.com/tracing/setup/php
datadog tracing apm opentracing php appsec asm open-telemetry profiling

defectdojo / django-defectdojo
appsec, DevSecOps, ASPM, Vulnerability Management. All on one platform.
Organization: defectdojo
Home Page: https://defectdojo.com
python vulnerability-databases django security owasp analytics vulnerability-management automation security-automation security-orchestration

dependency-check / dependency-check-sonar-plugin
appsec,Integrates Dependency-Check reports into SonarQube
Organization: dependency-check
owasp sonar-plugin nvd vulnerabilities component-analysis security visibility appsec sonarqube vulnerable-components

dependencytrack / dependency-track
appsec,Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Organization: dependencytrack
Home Page: https://dependencytrack.org/
owasp appsec security bom vulnerabilities component-analysis nvd software-security software-composition-analysis sca

foospidy / payloads
appsec,Git All the Payloads! A collection of web attack payloads.
User: foospidy
payload payloads xss sqli web-attack-payloads passwords pentest hacking appsec cybersecurity

httpvoid / writeups
appsec,
Organization: httpvoid
Home Page: https://httpvoid.com
appsec security security-vulnerability

hysnsec / awesome-threat-modelling
appsec,A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
Organization: hysnsec
Home Page: https://www.practical-devsecops.com/devsecops-university/
threat-modeling practical-devsecops security-review devsecops-university appsec devsecops awesome awesome-list

infobyte / faraday
appsec,Open Source Vulnerability Management Platform
Organization: infobyte
Home Page: https://www.faradaysec.com
devops penetration-testing vulnerability vulnerability-scanners security security-audit pentesting continuous-scanning infosec vulnerability-management

infoslack / awesome-web-hacking
appsec,A list of web application security
User: infoslack
penetration-testing web-hacking vulnerabilities scanner hacking hacking-tools metasploit web-security appsec owasp

jassics / security-study-plan
appsec,Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
User: jassics
aws-security study-guide study-plan appsec appsec-tutorials azure-security devsecops-university gcp-security pentesting application-security

johntroony / blisqy
appsec,Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).
User: johntroony
Home Page: https://www.researchgate.net/publication/328880240_Time-Based_Blind_SQL_Injection_via_HTTP_Headers_Fuzzing_and_Exploitation
sql sql-injection blind-sql-injection sql-payloads exploitation database-security appsec blisqy john-ombagi

juice-shop / juice-shop
appsec,OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Organization: juice-shop
Home Page: https://owasp-juice.shop
owasp javascript vulnerable hacking application-security owasp-top-10 owasp-top-ten pentesting vulnapp appsec

mattkeeley / spoofy
appsec,Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
User: mattkeeley
application-security appsec cybersecurity deliverability dmarc email-security emails infosec penetration-testing penetration-testing-tools

maurosoria / dirsearch
appsec,Web path scanner
User: maurosoria
fuzzer fuzzing python security dirsearch hacking pentesting penetration-testing bug-bounty appsec

microsoft / security-101
appsec,8 Lessons, Kick-start Your Cybersecurity Learning.
Organization: microsoft
Home Page: https://microsoft.github.io/Security-101/
appsec cia-triad data-protection data-security iam identity risk-management secops security threat-modeling

numirias / security
appsec,Some of my security stuff and vulnerabilities. Nothing advanced. More to come.
User: numirias
Home Page: https://twitter.com/rawsec
appsec pentesting security

openappsec / openappsec
appsec,open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
Organization: openappsec
Home Page: https://openappsec.io
api-security application-security kubernetes nginx web-application-firewall appsec devsecops kong rate-limiting security-tools

openziti / ziti
appsec,The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
Organization: openziti
Home Page: https://openziti.io
networking vpn-2 appsec network zero-trust zero-trust-cloud zero-trust-network zero-trust-network-access zero-trust-security ztaa

oversecured / ovaa
appsec,Oversecured Vulnerable Android App
Organization: oversecured
Home Page: https://oversecured.com
appsec android-security vulnerable-application vulnerable-android-apps mobile-security

owasp / cheatsheetseries
appsec,The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Organization: owasp
Home Page: https://cheatsheetseries.owasp.org
owasp code security cheatsheets best-practices appsec application-security

owasp / go-scp
appsec,Golang Secure Coding Practices guide
Organization: owasp
Home Page: https://owasp.org/www-project-go-secure-coding-practices-guide/
appsec golang

owasp / owasp-vwad
appsec,The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
Organization: owasp
Home Page: https://owasp.org/www-project-vulnerable-web-applications-directory/
appsec vulnerable-web-app vulnerable-web-application vulnerable owasp

owasp / railsgoat
appsec,A vulnerable version of Rails that follows the OWASP Top 10
Organization: owasp
Home Page: railsgoat.cktricky.com
rails security appsec ruby ruby-on-rails owasp-top vulnerabilities

owasp / threat-model-cookbook
appsec,This project is about creating and publishing threat model examples.
Organization: owasp
Home Page: https://owasp.org/www-project-threat-model-cookbook/
threat-models threat-model appsec threat-modeling threat-modelling

owasp / wstg
appsec,The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Organization: owasp
Home Page: https://owasp.org/www-project-web-security-testing-guide/
best-practices guide owasp bugbounty penetration-testing pentesting application-security security hacktoberfest appsec

owasp / www-community
appsec,OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
Organization: owasp
Home Page: https://owasp.org/www-community/
owasp appsec community-project

payloadbox / rfi-lfi-payload-list
appsec,🎯 RFI/LFI Payload List
Organization: payloadbox
Home Page: https://ismailtasdelen.medium.com
rfi lfi rfi-exploiton lfi-exploitation lfi-vulnerability rfi-vulnerabillity websecurity appsec application-security web-application-security

privado-inc / privado
appsec,Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.
Organization: privado-inc
Home Page: https://docs.privado.ai
gdpr privacy-by-design privacy-engineering gdpr-compliant devprivops android-privacy-tools privacy-labels play-store-data-safety privacy-policy appsec

projectdiscovery / interactsh
appsec,An OOB interaction gathering server and client library
Organization: projectdiscovery
Home Page: https://app.interactsh.com
appsec oast dns security http smtp ldap oob bugbounty golang

roottusk / vapi
appsec,vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
User: roottusk
api apitop10 appsec appsec-tutorials bugbounty cors docker exercises hacktoberfest hacktoberfest-accepted owasp owasp-top-10 owasp-top-ten php postman vulnerable-application

security-prince / application-security-engineer-interview-questions
appsec,Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
User: security-prince
security-engineer-interview webappsec appsec devsecops infosec application-security vulnerability sdlc xss interview-questions

shiftleftsecurity / sast-scan
appsec,Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
Organization: shiftleftsecurity
Home Page: https://discord.gg/DCNxzaeUpd
sast devsecops appsec license-scan dependency-scan workflow scanners

soluto / kamus
appsec, An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications
Organization: soluto
Home Page: https://kamus.soluto.io
kubernetes-secrets appsec gitops devops kubernetes kms soluto-open-source

summitt / nope-proxy
appsec,TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
User: summitt
appsec appsecurity burp-extensions burp-plugin burpsuite burpsuite-extender hacking mitmproxy pentesting protobuf

thehackerdev / race-the-web
appsec,Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
User: thehackerdev
security-tools race-conditions security appsec devops-tools infosec

urbanadventurer / whatweb
appsec,Next generation web scanner
User: urbanadventurer
Home Page: https://www.morningstarsecurity.com/research/whatweb
security web scanner ruby penetration-testing kali-linux owasp penetration-testing-tools penetration-test hacking

volkandindar / agartha
appsec,a burp extension creates dynamic payloads to reveal injection flaws(LFI, RCE, SQLi), generates user access tables to spot authentication/authorization issues, and copys Http requests as JavaScript code.
User: volkandindar
penetration-testing pentesting cybersecurity burp-extensions hacking hacking-tool application-security appsec offsec burpsuite

webpwnized / mutillidae
appsec,OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
User: webpwnized
security owasp owasp-top-10 cybersecurity training web application top 10 appsec

zaproxy / zap-extensions
appsec,ZAP Add-ons
Organization: zaproxy
zap zaproxy dast appsec security security-scanner hacktoberfest

zaproxy / zaproxy
appsec,The ZAP core project
Organization: zaproxy
Home Page: https://www.zaproxy.org
zap zap-development dast appsec zaproxy security security-scanner hacktoberfest