A curated list of resources for learning about application security
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application secur…
Updated Aug 30, 2018
A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
Updated Nov 21, 2017
Security compliance content in SCAP, Bash, Ansible, and other formats
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Updated Nov 1, 2018
Secure Content Management for the Modern Web - "The sky is only the beginning"
Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.
Updated May 24, 2016
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Updated Jul 18, 2018
Janusec Application Gateway, a Golang based application security solutions which provides WAF (Web Application Firewa…
Updated Sep 5, 2018
Web application security scanner
Updated Nov 10, 2018
Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in…
Updated Nov 11, 2018
Fast Advanced Spam Analysis Tool
Updated Oct 29, 2018
Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
Updated Nov 13, 2018
Dynamic Application Security Test Orchestration (DASTO)
Updated Sep 28, 2018
Tool for breaking into web applications.
Updated Jul 4, 2017
OWASP SecurityRAT - Tool for handling security requirements in development
Updated Jul 4, 2018
Identifying Open-Source License Violation and 1-day Security Risk at Large Scale
Updated Jan 23, 2018
Sandboxed Wrapper for Node.js File System API
Updated Jun 27, 2018
An ultra-compact intro (or refresher) to Web Application Security.
Updated Feb 15, 2018
🗒️ A [work-in-progress] collection for interview questions for Information Security roles
Updated Jul 16, 2018
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android a…
Updated Oct 15, 2018
Scripts I have written to perform various IT Security admin tasks. From validating findings to performing automated a…
Updated Nov 7, 2018
🎯 Command Injection Payload List
Updated Nov 3, 2018
Rudimentary network protocol fuzzer using bash, netcat, and other tools.
Updated Mar 24, 2018
Create an application wrapper to prevent "crappy" apps from modifying other files on the system
Updated Oct 12, 2015
Example of OWASP ZAP Integration with NightwatchJS Test
Updated Apr 25, 2018
Walkthrough of the different scenarios related to application authorization using Azure AD
Updated Jun 14, 2018
📚 🐳 For DevOps Engineers 🐳 📚
Updated Apr 28, 2018
Serverless function for AWS Lambda/API Gateway that simply emails what was POSTed to it
Updated Mar 16, 2018