The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

It's a Docker Environment for Pentesting which having all the required tool for VAPT.

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security enthusiasts.

Alpine Linux image with nginx 1.23.4 (mainline) with HTTP/3 (quiche), TLSv1.3, 0-RTT, HPACK, brotli, NJS, Cookie-Flag support, ModSecurity with coreruleset and BoringSSL with OCSP support. All built on the bleeding edge. Total size is only about ~12 MB compressed.

Nginx reverse proxy with ModSecurity Web Application Firewall, SSL termination (certbot) and brotli compression

NGINX reverse proxy using ModSecurity WAF to protect a web application

Dockerfile to run OWASP Mutillidae II with NGINX https://github.com/webpwnized/mutillidae

Scripts which can be used with OWASP ZAP

Unofficial Docker image for MARA Framework

Securing docker web apps with your personal OpenID Connect based Single Sign-On provider, multi-factor authentication and a web app firewall

OWASP Juice shop dockerized with CTF option

Working location for Container based NGINX Proxy with ModSec(OWASP CRS) / NGINX App Protect.

Using WEB security module together with NGINX inside a container to facilitate the protection of the application, based on OWASP ModSecurity Core Rule Set rules to further improve protection.

Provides containerized Nginx reverse-proxy with ModSecurity WAF and OWASP Core Rule Set (CRS).

A guide to deploy OWASP ZAP on Openshift.

Nutek Terminal in Fedora. Look for macOS version in nutek-apple repo.