Skip to content
#

owasp

Star

Here are 485 public repositories matching this topic...

Language: All
Filter by language
All 485 Python 74 JavaScript 55 Java 53 HTML 48 PHP 31 Shell 27 Go 22 C# 16 TypeScript 13 Dockerfile 9
Sort: Best match
Sort options
Best match Most stars Fewest stars Most forks Fewest forks Recently updated Least recently updated
Mobile-Security-Framework-MobSF

MobSF / Mobile-Security-Framework-MobSF

Star 10.9k

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

python rest static-analysis apk owasp dynamic-analysis web-security malware-analysis mobsf android-security mobile-security windows-mobile-security ios-security mobile-security-framework api-testing cwe devsecops runtime-security mstg masvs
  • Updated Apr 17, 2022
  • JavaScript

zaproxy / zaproxy

Star 9.4k
Open

Automation - make variable substitution work anywhere in yaml

7
rethab
rethab commented Apr 11, 2022

Is your feature request related to a problem? Please describe.

I have tried to use (env) variables in my YAML file for the automation framework, but it looks like variables only work in the env.ctx section of that YAML.

Describe the solution you'd like

It would be nice if I could write a YAML file like so:

env:
  contexts:
    # .. my context
jobs:
  - type: "ope
Read more
enhancement IdealFirstBug add-on good first issue
Find more good first issues
wstg

OWASP / wstg

Star 4.2k
Open

Onekongpc

OneKongpc
OneKongpc commented Jan 31, 2022

What and where?
Please give the broken URL. Where is the link located?

Would you like to be assigned to this issue?
Check the box if you will submit a PR to fix this issue. Please read CONTRIBUTING.md.
-KONG [ ] Assign me, please!

Read more
bug help wanted good first issue
Find more good first issues

DefectDojo / django-DefectDojo

Star 2.1k
Open

Incorrect False positives and Risk accepted metrics

8
zakrush
zakrush commented Jun 30, 2021

Slack us first!
Hello. I write about problem here:
https://owasp.slack.com/archives/C2P5BA8MN/p1624892081234100

Be informative
As additional into slack I find the same behaviour with Risk Accepted findings. Into Metrics I see 0 Risk Accepted findings, but I have 1 Risk Accepted finding

Bug description
No error. Metrics into product, or metrics dushboard has incorrect info

Read more
bug good first issue stale
Find more good first issues
find-sec-bugs

find-sec-bugs / find-sec-bugs

Star 1.8k
Open

Detect usage of Apache BeanUtils as dangerous

1
h3xstream
h3xstream commented Oct 5, 2020

Description

BeanUtils is a library that is doing automatic mapping to Java object.
It can cause arm when the attack controls part of the list of properties being sets. BeanUtils does not blacklist properties like class, classloader or other objects that are likely to load arbitrary classes and possibly run code.

Code

import org.apache.commons.beanutils.BeanUtils;

public
Read more
hacktoberfest good first issue
Find more good first issues
dependency-track

DependencyTrack / dependency-track

Star 1.1k
Open

Migrate Swagger to OpenAPI 3

2
stevespringett
stevespringett commented Nov 18, 2020

The current swagger definition is autogenerated. The automatically generated definitions rely on reflection and annotations to create the documentation. The reflection capabilities are poor at best and lead to missing API parameters. Annotations can help in some cases, but the only fix for Swagger is to create individual POJOs for every possible request. This will lead to unnecessary large number

Read more
enhancement help wanted p2 good first issue

coreruleset / coreruleset

Star 948
Open

920470 false positive with nextcloud exclusion rules, maybe non working 9003330

3
birdynm
birdynm commented Mar 16, 2022

Description

With a Nextcloud installation and activated Nextcloud-exclusion-rules their is a false positive alarm of rule "920470" when a calendar entry is changed in the web-interface. (I think Rule "9003330" should prevent this but didn't work, at least for me)

I tried to change rule 9003330 to phase:1 (didn't solve the Problem)

Current workaround for me is to add "ctl:ruleRemoveByI

Read more
good first issue False Positive

webpwnized / mutillidae

Star 775

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulnerabilities and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an "assess the assessor" target for vulnerability assessment software. A containerized version of the application is available as a companion project.

training security application web owasp cybersecurity penetration-testing top appsec 10 owasp-top-10
  • Updated Apr 10, 2022
  • PHP

OWASP / www-community

Star 678
Open

HttpOnly needs updates

9
kingthorin
kingthorin commented Nov 9, 2020

I just finished dealing with auto-migrated issues for this article, it could definitely use some content updates:
https://github.com/OWASP/www-community/blob/master/pages/HttpOnly.md it still talks about old versions of IE and Opera.

This article includes an extensive table that needs re-working after the auto-migration as well (which I did not tackle).

Is Opera even relevant in 2020? Do

Read more
good first issue help wanted

Improve this page

Add a description, image, and links to the owasp topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the owasp topic, visit your repo's landing page and select "manage topics."

Learn more