dast

The OWASP ZAP core project

OWASP ZAP Add-ons

⚙️ A curated list of dynamic analysis tools and linters for all programming languages, binaries, and more.

A GitHub Action for running the OWASP ZAP Baseline scan

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

A GitHub Action for running the OWASP ZAP Full scan

SecHub - one central and easy way to use different security tools with one API/Client

Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.

⚡️ Multiple target ZAP Scanning

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

An implementation of infrastructure-as-code scanning using dynamic tooling.

Curated list of security tools

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

Udemy Course on DevSecOps

《深入理解DAST动态应用程序安全测试》Dynamic Application Security Testing.

Security tools report parsers for Faradaysec.com

A GitHub Action for running the OWASP ZAP API scan

Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple static/dynamic scans

OWASP ZAP add-on for finding vulnerabilities in File Upload functionality.