The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
-
Updated
Jun 30, 2022 - Python
#
owasp
Here are 515 public repositories matching this topic...
A collection of hacking / penetration testing resources to make you better!
exploit
reverse-engineering
malware
mitm
hacking
owasp
penetration-testing
ctf
privilege-escalation
buffer-overflow
windows-privilege-escalation
privilege-escalation-linux
-
Updated
May 19, 2022
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
python
rest
static-analysis
apk
owasp
dynamic-analysis
web-security
malware-analysis
mobsf
android-security
mobile-security
windows-mobile-security
ios-security
mobile-security-framework
api-testing
cwe
devsecops
runtime-security
mstg
masvs
-
Updated
Jul 5, 2022 - JavaScript
enhancement
IdealFirstBug
An issue ideal for new contributors. Same as label "good first issue", kept for legacy reasons.
add-on
good first issue
An issue ideal for new contributors.
In-depth Attack Surface Mapping and Asset Discovery
go
dns
osint
owasp
subdomain
enumeration
recon
maltego
network-security
information-gathering
osint-reconnaissance
attack-surfaces
-
Updated
Jun 27, 2022 - Go
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
javascript
security
hacking
owasp
application-security
pentesting
ctf
vulnerable
appsec
hacktoberfest
owasp-top-10
owasp-top-ten
24pullrequests
vulnapp
-
Updated
Jul 6, 2022 - TypeScript
A curated list of resources for learning about application security
-
Updated
May 23, 2022 - PHP
Open
Onekongpc
OneKongpc
commented
Jan 31, 2022
What and where?
Please give the broken URL. Where is the link located?
Would you like to be assigned to this issue?
Check the box if you will submit a PR to fix this issue. Please read CONTRIBUTING.md.
-KONG [ ] Assign me, please!
A list of web application security
security
scanner
hacking
owasp
penetration-testing
vulnerability
web-security
pentesting
vulnerabilities
appsec
metasploit
web-hacking
hacking-tools
-
Updated
Jun 14, 2022
Next generation web scanner
ruby
security
web
scanner
hacking
owasp
penetration-testing
application-security
pentesting
recon
pentest
kali-linux
appsec
network-security
web-hacking
security-tools
penetration-test
hacking-tools
pentesting-tools
penetration-testing-tools
-
Updated
Feb 5, 2022 - Ruby
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
docker
kubernetes
infrastructure
security
microservices
helm
container
hacking
owasp
cloud-native
pentesting
cloudsecurity
devsecops
cloud-security
container-security
vulnerable-app
kubernetes-security
kubernetes-goat
-
Updated
Jul 8, 2022 - HTML
bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
go
html
sanitization
security
whitelist
risk
xss
data-uri
owasp
html-element
scenario
turns
nofollow
bluemonday
-
Updated
Jul 1, 2022 - Go
DefectDojo is a DevSecOps and vulnerability management tool.
python
kubernetes
security
automation
django
analytics
owasp
vulnerability-databases
appsec
vulnerability-management
hacktoberfest
security-orchestration
security-automation
devsecops
vulnerability-correlation
-
Updated
Jul 8, 2022 - HTML
Automated Security Testing For REST API's
python
security
owasp
ci-cd
penetration-testing
postman-collection
sdlc
security-automation
penetration-testing-framework
restapiautomation
-
Updated
Jan 29, 2022 - Python
patric-eberle
commented
Jun 29, 2022
It seems that the link to A Roadmap for Node.js Security is dead. The proposed link on lirantal/awesome-nodejs-security#42 (comment) does work though. It might better be replaced in the documentation.
h3xstream
commented
Oct 5, 2020
Description
BeanUtils is a library that is doing automatic mapping to Java object.
It can cause arm when the attack controls part of the list of properties being sets. BeanUtils does not blacklist properties like class, classloader or other objects that are likely to load arbitrary classes and possibly run code.
Code
import org.apache.commons.beanutils.BeanUtils;
publicAutomated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
python
security
automation
scanner
bruteforce
owasp
nmap
penetration-testing
pentesting
cve
network-analysis
vulnerability-management
vulnerability-scanners
information-gathering
portscanner
security-tools
vulnerability-scanner
penetration-testing-framework
hacking-tools
pentesting-tools
cves
-
Updated
Jun 29, 2022 - HTML
Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
python
linux
security
nist
framework
passive
mozilla
traffic
owasp
pentest
impact
kali-linux
owtf
semi-passive
web-application-security
-
Updated
Jul 7, 2022 - JavaScript
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
javascript
ruby
python
java
swift
rust
golang
php
security
ios
cryptography
encryption
authentication
objective-c
owasp
cryptography-library
secure-messenger
asymmetric-cryptography
symmetric-cryptography
secure-storage
-
Updated
May 24, 2022 - C
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
security
security-audit
mobile
gitbook
verification
audit
owasp
ios-app
standard
penetration-testing
android-app
security-standards
penetration-tests
mstg
masvs
-
Updated
Jul 4, 2022 - TeX
hackers
hacking
resources
owasp
penetration-testing
exploitation
youtube-channel
web-hacking
vulnerable-applications
learning-hacking
-
Updated
Dec 1, 2021
nscuro
commented
Jun 20, 2022
Current Behavior:
As identified in #1727, there may be multiple fields of CycloneDX BOMs that we currently don't ingest or display.
Proposed Behavior:
Assess DT's coverage of CycloneDX v1.4 fields and add support for ingesting and displaying missing fields.
fzipi
commented
Jun 18, 2022
There is no information on where this list comes from but undoubtedly should come from the official php config directives list.
This is low hanging
OWASP Web Application Security Testing Checklist
-
Updated
Jul 11, 2019
OWASP Joomla Vulnerability Scanner Project
-
Updated
Mar 19, 2022 - Raku
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulnerabilities and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an "assess the assessor" target for vulnerability assessment software. A containerized version of the application is available as a companion project.
training
security
application
web
owasp
cybersecurity
penetration-testing
top
appsec
10
owasp-top-10
-
Updated
May 10, 2022 - PHP
An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses
security
waf
owasp
bugbounty
web-application-firewall
security-tools
web-application-security
security-testing
graphql-security
api-security
rest-security
grpc-security
-
Updated
Jul 8, 2022 - Go
Improve this page
Add a description, image, and links to the owasp topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the owasp topic, visit your repo's landing page and select "manage topics."
Is your feature request related to a problem?
The Traditional and Traditional Plus JSON reports treat "Other Info" as consistent between alerts which is not always the case. A new JSON report should be added which treats "Other Info" as potentially unique per alert instance.
As per the original issue a perfect way to test/experience this need is the Retire.JS passive scan alerts which i