Showing 65 open source projects for "owasp"

View related business solutions
  • Recruit and Manage your Workforce Icon
    Recruit and Manage your Workforce

    Evolia makes it easier to hire, schedule and track time worked by frontline in medium and large-sized businesses.

    Evolia is a web and mobile platform that connects enterprises with 1000’s of local shift workers and offers free workforce scheduling and time and attendance solutions. Is your business on Evolia?
  • Vivantio IT Service Management Icon
    Vivantio IT Service Management

    Your service operation isn’t one-size-fits all, so your IT service management solution shouldn’t be either

    The Vivantio Platform allows you to focus on the IT service management tools that make sense for your organization’s unique service model: from incident, problem and change requests, to service requests, client knowledge and asset management
  • 1
    OWASP Amass

    OWASP Amass

    In-depth attack surface mapping and asset discovery

    The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects ,tools, documents, forums, and chapters are free and open to anyone interested in improving application...
    Downloads: 11 This Week
    Last Update:
    See Project
  • 2
    OWASP Juice Shop

    OWASP Juice Shop

    Probably the most modern and sophisticated insecure web application

    It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications! Juice Shop is written in Node.js, Express and Angular. It was the first application written entirely in JavaScript listed in the OWASP VWA Directory. The application contains a vast number of hacking challenges of varying difficulty where the user is supposed...
    Downloads: 8 This Week
    Last Update:
    See Project
  • 3
    OWASP Mobile Security Testing Guide

    OWASP Mobile Security Testing Guide

    Manual for mobile app security development and testing

    We are writing a security standard for mobile apps and a comprehensive testing guide that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results. The MSTG is a comprehensive manual for mobile app security testing and reverse engineering for iOS and Android mobile security testers. The OWASP Mobile Application Security Verification Standard (MASVS...
    Downloads: 6 This Week
    Last Update:
    See Project
  • 4
    OWASP Find Security Bugs

    OWASP Find Security Bugs

    The SpotBugs plugin for security audits of Java web applications

    ... and SonarQube. Extensive references are given for each bug patterns with references to OWASP Top 10 and CWE.
    Downloads: 3 This Week
    Last Update:
    See Project
  • Make Recruiting and Onboarding Easy Icon
    Make Recruiting and Onboarding Easy

    Simple, easy-to-use applicant tracking and employee Onboarding system for any sized organization.

    Take away the pain and hassle associated with applicant recruitment, hiring, and onboarding with ApplicantStack. Designed for HR professionals and recruiters, ApplicantStack helps streamline the recruiting and onboarding processes to improve productivity and reduce costs. ApplicantStack provides a complete toolkit that includes tools for posting, launching, and advertising jobs, assessing and managing candidates, collaborating with teams, centralizing information for quick hiring and onboarding, and more.
  • 5
    OWASP Mobile Application Security

    OWASP Mobile Application Security

    Manual for mobile app security testing and reverse engineering

    The OWASP Mobile Application Security (MAS) flagship project provides a security standard for mobile apps (OWASP MASVS) and a comprehensive testing guide (OWASP MASTG) that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results. MAS Advocates are industry adopters of the OWASP MASVS and MASTG who have invested a significant and consistent amount of resources...
    Downloads: 1 This Week
    Last Update:
    See Project
  • 6
    ZAP

    ZAP

    The OWASP ZAP core project

    The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications...
    Downloads: 46 This Week
    Last Update:
    See Project
  • 7
    Coraza

    Coraza

    OWASP Coraza WAF is a golang modsecurity compatible firewall library

    Coraza is an open-source, enterprise-grade, high-performance Web Application Firewall (WAF) ready to protect your beloved applications. It is written in Go, supports ModSecurity SecLang rulesets and is 100% compatible with the OWASP Core Rule Set. Coraza is a drop-in alternative to replace the soon-to-be abandoned Trustwave ModSecurity Engine and supports industry-standard SecLang rule sets. Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks...
    Downloads: 3 This Week
    Last Update:
    See Project
  • 8
    Retire.js

    Retire.js

    Scanner detecting the use of JavaScript libraries

    There is a plethora of JavaScript libraries for use on the web and in node.js apps out there. This greatly simplifies, but we need to stay updated on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 and insecure libraries can pose a huge risk for your web app. The goal of Retire.js is to help you detect the use of versions with known vulnerabilities. Scan a web app or node app for use of vulnerable JavaScript libraries and/or node modules. grunt...
    Downloads: 5 This Week
    Last Update:
    See Project
  • 9
    OWASP Juice Shop

    OWASP Juice Shop

    Probably the most modern and sophisticated insecure web application

    OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications! Juice Shop is written in Node.js, Express and Angular. It was the first application written entirely in JavaScript listed in the OWASP VWA Directory. The application...
    Leader badge
    Downloads: 354 This Week
    Last Update:
    See Project
  • Case Management Software for Social Services Icon
    Case Management Software for Social Services

    For human services organizations looking for case management software

    Collaborate is customizable case management software for non-profits and social services agencies with teams of 5+ staff.
  • 10
    bluemonday

    bluemonday

    Fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer

    bluemonday is an HTML sanitizer implemented in Go. It is fast and highly configurable. bluemonday takes untrusted user-generated content as an input, and will return HTML that has been sanitized against an allowlist of approved HTML elements and attributes so that you can safely include the content in your web page. If you accept user-generated content, and your server uses Go, you need bluemonday. It protects sites from XSS attacks. There are many vectors for an XSS attack and the best way...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 11
    ngx_waf

    ngx_waf

    Handy, High performance, ModSecurity compatible Nginx firewall module

    Handy, High-performance Nginx firewall module. Such as black and white list of IPs or IP range, uri black and white list, and request body black list, etc. Directives and rules are easy to write and readable. The IP detection is a constant-time operation. Most of the remaining inspections use caching to improve performance. Compatible with ModSecurity's rules, you can use OWASP ModSecurity Core Rule Set. Supports verifying Google, Bing, Baidu and Yandex crawlers and allowing them automatically...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 12
    bearer

    bearer

    Code security scanning tool (SAST) to discover security risks

    Welcome to the Bearer documentation. Bearer is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). We provides built-in rules against a common set of security risks and vulnerabilities, known as OWASP Top 10. Leakage of sensitive data through cookies, internal loggers, third-party logging services, and into analytics...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 13
    Code Quality and Security for Java

    Code Quality and Security for Java

    SonarSource Static Analyzer for Java Code Quality and Security

    ... coding issues with just a click. Dozens of rules to ensure your tests are always as clean as your code! Dedicated rules to detect vulnerabilities including ones stemming from OWASP & CWE Top 25 guidelines. It all comes from a powerful analysis engine that we constantly refine. Sonar employs advanced rules along with smart, exclusive analysis techniques to find the trickiest, most elusive issues.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 14
    SCS

    SCS

    HTTP Session Management for Go

    ... implements a session management pattern following the OWASP security guidelines. Session data is stored on the server, and a randomly-generated unique session token (or session ID) is communicated to and from the client in a session cookie. Most applications will use the LoadAndSave() middleware. This middleware takes care of loading and committing session data to the session store, and communicating the session token to/from the client in a cookie as necessary.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 15
    The Lift Web Framework

    The Lift Web Framework

    Lift Framework

    Lift is the most powerful, most secure web framework available today. There are Seven Things that distinguish Lift from other web frameworks. Lift apps are resistant to common vulnerabilities including many of the OWASP Top 10. Lift apps are fast to build, concise and easy to maintain. Lift apps are high-performance and scale in the real world to handle insane traffic levels. Lift's Comet support is unparalled and Lift's ajax support is super-easy and very secure. Because Lift applications...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 16

    VisualCodeGrepper V2.3.2

    Code security review tool for C/C++, C#, VB, PHP, Java, PL/SQL, COBOL.

    ... within comments that can indicate broken code and it provides stats and a pie chart (for the entire codebase and for individual files) showing relative proportions of code, whitespace, comments, 'ToDo'-style comments and bad code. I've tried to produce something which searches intelligently for buffer overflows and signed/unsigned comparison in C, violations of OWASP recommendations in Java code, etc. Current version: 2.3.2
    Leader badge
    Downloads: 145 This Week
    Last Update:
    See Project
  • 17
    Insider

    Insider

    Static Application Security Testing (SAST) engine

    Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on agile and easy-to-implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET. Insider is focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 18
    Tamper Dev

    Tamper Dev

    Extension that allows you to intercept and edit HTTP/HTTPS requests

    If you are a developer, you can use Tamper Dev to debug your websites, or if you are a pentester, you can use it to search for security vulnerabilities by inspecting the HTTP traffic from your browser. Unlike most other extensions, Tamper Dev allows you to intercept, inspect and modify the requests before they are sent to the server. This extension provides functionality similar to Burp Proxy, MITM Proxy, OWASP ZAP, Tamper Data, and Postman Proxy, but without the need of additional software...
    Downloads: 3 This Week
    Last Update:
    See Project
  • 19

    Vulnerable Web Apps

    Vulnerable Web Apps virtual appliance to learn application security.

    ... 4 Running on port 80: - bWAPP - Damn Vulnerable Web Application - OWASP Hackademic - OWASP Mutillidae Running on port 81: - Hackazon Running on port 82: - Conviso Vulnerable Web App Running on port 83: - Generic University Running on port 3000: - OWASP Juice Shop Running on port 9000: - Authlab
    Leader badge
    Downloads: 36 This Week
    Last Update:
    See Project
  • 20
    CacheGuard WAF

    CacheGuard WAF

    Web Application Firewall

    CacheGuard WAF (Web Application Firewall) allows you to protect your Web applications against content attacks such as but not limited to XSS, SQL injections and Virus injections. CacheGuard WAF is designed to be implemented as a filtering reverse proxy in front of Web servers. In addition, an IP reputation based module allows you to block all requests coming from real time blacklisted IPs. CacheGuard WAF is distributed as an open source OS to install on a virtual or hardware machine. Once...
    Downloads: 6 This Week
    Last Update:
    See Project
  • 21
    AIAST

    AIAST

    AIAST –An advanced interactive application security tool

    AIAST –An advanced interactive application security tool identifying vulnerabilities in both self-developed code and open-source dependencies. Seamlessly integrate into CI/CD and can be applied in both application development phase and application deployment phase. ZeroDay –A global company headquartered in the U.K., focusing on R&D of state-of-the-art application security testing tools. Shift left security, and build security into DevSecOps. Technical Details Identifying vulnerabilities...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 22
    sWAF

    sWAF

    A simple Web Application Firewall docker image

    sWAF is a simple Web Application Firewall docker image, pre-configured to be easily used within your web services architecture. It runs NGINX as a dedicated reverse proxy embedding powerful WAF engines: ModSecurity 3, using OWASP® ModSecurity Core Rule Set (CRS) rules, and NAXSI. It uses acme.sh for Let's Encrypt and other free CA support. A lot of people are self-hosting their own cloud infrastructure (using Nextcloud, Synology, QNAP, a cloud lease server or home-made solutions...), but we can...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 23

    FireCX

    Open source OWASP penetration testing tool written in Python 3

    FireCX is an open source OWASP penetration testing tool written in Python 3, that can speed up the the process of finding common PHP vulnerabilities in PHP code, i.e. command injection, local/remote file inclusion and SQL injection.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 24

    NexusVX

    Open source OWASP SelfBot For Defense And Offensive Use

    What is a selfbot? ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ A selfbot is basically a bot inside your own account. It uses your token to post messages as you. It reacts to you and you only. A token is a small piece of encrypted text. Its basically a key to run Discord applications, it will need to connect to the account the app should run on. That’s why both bot accounts and user accounts have tokens. Since selfbots have access to the Discord API (Application Programming...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 25
    BugBuntu

    BugBuntu

    Linux Distribution for Bug Hunters

    BugBuntu is a Fork of Ubuntu 18.04 customized for Bug Hunters. The distribution contains almost all tools used by KingOfBugBounty tips repository for Recon and tests on platforms like Hackerone, Bugcrowd and others. Default credential: user: bugbuntu pwd: bugbuntu KingOfBugBoutyTips: https://github.com/KingOfBugbounty/KingOfBugBountyTips Telegram Group: https://t.me/joinchat/DN_iQksIuhyPKJL1gw0ttA
    Downloads: 9 This Week
    Last Update:
    See Project
  • Previous
  • You're on page 1
  • 2
  • 3
  • Next