The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
-
Updated
Aug 31, 2020 - Python
#
appsec
Here are 115 public repositories matching this topic...
Web path scanner
python
security
scanner
hacking
bruteforce
penetration-testing
bug-bounty
fuzzing
pentesting
pentest
fuzzer
appsec
dirsearch
dirbuster
scanner-web
-
Updated
Aug 31, 2020 - Python
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
javascript
hacking
owasp
application-security
pentesting
ctf
vulnerable
appsec
owasp-top-10
owasp-top-ten
vulnapp
-
Updated
Aug 31, 2020 - JavaScript
w3af: web application attack and audit framework, the open source web vulnerability scanner.
-
Updated
Aug 5, 2020 - Python
Next generation web scanner
ruby
security
web
scanner
hacking
owasp
penetration-testing
application-security
pentesting
recon
pentest
kali-linux
appsec
network-security
web-hacking
security-tools
penetration-test
hacking-tools
pentesting-tools
penetration-testing-tools
-
Updated
Aug 28, 2020 - Ruby
Git All the Payloads! A collection of web attack payloads.
-
Updated
Jul 19, 2020 - Shell
kingthorin
commented
Apr 2, 2020
Merge /Testing_for_Vertical_Bypassing_Authorization_Schema_WSTG-AUTHZ-00X.md into 4-Web_Application_Security_Testing/05-Authorization_Testing/03-Testing_for_Privilege_Escalation.md
Some of my security stuff and vulnerabilities. Nothing advanced. More to come.
-
Updated
Jun 11, 2019
A vulnerable version of Rails that follows the OWASP Top 10
-
Updated
Jul 28, 2020 - HTML
herveleclerc
commented
Mar 9, 2020
Authentication via Azure/aad-pod-identity for keyvault access could be a good feature to avoid use of clientId/ clientSecret in chart values. Don't you think ?
Dependency-Track is an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.
security
owasp
bom
vulnerabilities
vulndb
appsec
component-analysis
nvd
vulnerability-detection
sca
software-security
security-automation
devsecops
software-composition-analysis
bill-of-materials
ossindex
purl
package-url
sbom
cyclonedx
-
Updated
Aug 31, 2020 - Java
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
-
Updated
Aug 24, 2020
Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
-
Updated
Oct 16, 2019 - Go
Integrates Dependency-Check reports into SonarQube
security
sonarqube
owasp
visibility
vulnerabilities
appsec
component-analysis
nvd
sonar-plugin
software-security
vulnerable-components
-
Updated
Aug 1, 2020 - HTML
RobinMeis
commented
Jun 7, 2020
I've found a way to bypass certain filters which implement the following behaviour: The filter checks everything between opening and closing or opening and opening brackets. A whitelist is checked against the HTML tag as well as every attribute found within the brackets. Whenever an attribute is not whitelisted the filter will block the input. Closing tags are detected as soon as a slash is found
Open
sim swapping
3
Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
xss
vulnerability
infosec
application-security
interview-questions
appsec
webappsec
sdlc
devsecops
security-engineer-interview
-
Updated
Aug 7, 2020
A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
awesome
awesome-list
threat-modeling
appsec
devsecops
security-review
practical-devsecops
devsecops-university
-
Updated
Jul 23, 2020 - Dockerfile
YAWAST ...where a pentest starts. Security Toolkit for Web-based Applications
-
Updated
Jul 27, 2020 - Python
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
security
scala
sbt
static-analysis
owasp
sbt-plugin
vulnerabilities
cve
appsec
nvd
software-security
owasp-dependencycheck
vulnerability-scanners
software-composition-analysis
-
Updated
Jul 3, 2020 - Scala
security
bug-bounty
application-security
bugbounty
appsec
payload
payloads
lfi
rfi
web-hacking
websecurity
web-application-security
security-research
security-researcher
lfi-exploitation
payload-list
lfi-vulnerability
security-researchers
rfi-exploiton
rfi-vulnerabillity
-
Updated
Jan 9, 2020
Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.
-
Updated
Jun 11, 2019 - PHP
In progress rough solutions to bWAPP / bee-box
-
Updated
Jan 7, 2020 - HTML
Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).
sql
sql-injection
exploitation
appsec
blind-sql-injection
sql-payloads
database-security
blisqy
john-ombagi
-
Updated
Mar 24, 2019 - Python
A simple Java command-line utility to mirror the CVE JSON data from NIST.
-
Updated
Aug 8, 2020 - Java
An application to assist in the organization and prioritization of software security activities.
-
Updated
Jun 5, 2020 - Python
OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development
-
Updated
Aug 14, 2020 - JavaScript
This project is about creating and publishing threat model examples.
-
Updated
Aug 14, 2020 - Python
Improve this page
Add a description, image, and links to the appsec topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the appsec topic, visit your repo's landing page and select "manage topics."
Describe the bug
The "Customize HTML Report Option" is missing the
evidencefield which is necessary for the receiver of the report to know where they need to solve the issue.In this example, the HTML source code of the page is several thousand lines of code the report is Reverse Tabnabbing so the developer will need to know which anchor
<a>tag to fix. Unfortunately, the evidence fie