In-depth attack surface mapping and asset discovery
Probably the most modern and sophisticated insecure web application
Manual for mobile app security development and testing
The SpotBugs plugin for security audits of Java web applications
Manual for mobile app security testing and reverse engineering
The OWASP ZAP core project
OWASP Coraza WAF is a golang modsecurity compatible firewall library
Scanner detecting the use of JavaScript libraries
Probably the most modern and sophisticated insecure web application
Fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer
Handy, High performance, ModSecurity compatible Nginx firewall module
Code security scanning tool (SAST) to discover security risks
SonarSource Static Analyzer for Java Code Quality and Security
HTTP Session Management for Go
Lift Framework
Code security review tool for C/C++, C#, VB, PHP, Java, PL/SQL, COBOL.
Static Application Security Testing (SAST) engine
Extension that allows you to intercept and edit HTTP/HTTPS requests
Vulnerable Web Apps virtual appliance to learn application security.
Web Application Firewall
AIAST –An advanced interactive application security tool
A simple Web Application Firewall docker image
Open source OWASP penetration testing tool written in Python 3
Open source OWASP SelfBot For Defense And Offensive Use
Linux Distribution for Bug Hunters