Search Results for "owasp"
Sort By:
Showing 73 open source projects for "owasp"
View related business solutions-
Cloud-based help desk software with ServoDeskWhat if You Could Automate 90% of Your Repetitive Tasks in Under 30 Days? At ServoDesk, we help businesses like yours automate operations with AI, allowing you to cut service times in half and increase productivity by 25% - without hiring more staff.
-
Run applications fast and securely in a fully managed environmentRun frontend and backend services, batch jobs, deploy websites and applications, and queue processing workloads without the need to manage infrastructure.
-
1
OWASP Amass
In-depth attack surface mapping and asset discovery
The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. -
2
OWASP WrongSecrets
Vulnerable app with examples showing how to not use secrets
Welcome to the OWASP WrongSecrets game! The game is packed with real life examples of how to not store secrets in your software. Each of these examples is captured in a challenge, which you need to solve using various tools and techniques. Solving these challenges will help you recognize common mistakes & can help you to reflect on your own secrets management strategy. -
3
OWASP Juice Shop
Probably the most modern and sophisticated insecure web application
It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications! Juice Shop is written in Node.js, Express and Angular. It was the first application written entirely in JavaScript listed in the OWASP VWA Directory. The application contains a vast number of hacking challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. ... -
4
OWASP Find Security Bugs
The SpotBugs plugin for security audits of Java web applications
...Command line integration is available with Ant and Maven. Can be used with systems such as Jenkins and SonarQube. Extensive references are given for each bug patterns with references to OWASP Top 10 and CWE. -
BrandMail Email Signatures for OutlookBrandMail®, developed by BrandQuantum, is a software solution that seamlessly integrates with Microsoft Outlook to empower every employee in the organisation to automatically create consistently branded emails via a single toolbar that provides access to brand standards and the latest pre-approved content.
-
5
Coraza
OWASP Coraza WAF is a golang modsecurity compatible firewall library
Coraza is an open-source, enterprise-grade, high-performance Web Application Firewall (WAF) ready to protect your beloved applications. It is written in Go, supports ModSecurity SecLang rulesets and is 100% compatible with the OWASP Core Rule Set. Coraza is a drop-in alternative to replace the soon-to-be abandoned Trustwave ModSecurity Engine and supports industry-standard SecLang rule sets. Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages. ... -
6
Retire.js
Scanner detecting the use of JavaScript libraries
...An icon on the address bar displays will also indicate if vulnerable libraries were loaded. Retire.js has been adapted as a plugin for the penetration testing tools Burp and OWASP ZAP. -
7
MASVS
The OWASP MASVS (Mobile Application Security Verification Standard)
The OWASP Mobile Application Security Verification Standard (MASVS) is a comprehensive security standard for mobile applications, providing guidelines and a checklist for secure mobile app development. -
8
ZAP
The OWASP ZAP core project
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. -
9
O-Saft
O-Saft - OWASP SSL advanced forensic tool
O-Saft is an OWASP project that offers an advanced SSL/TLS analysis tool. It provides detailed information about SSL certificates and tests SSL connections against specified cipher lists, aiding in the assessment of SSL/TLS configurations. -
Venue management software for the growing attractionAt ROLLER, we're passionate about empowering leisure and entertainment businesses to reach new heights of success. With a track record of serving 1,500+ customers across 25 countries, including some of the most renowned names in the attractions industry, including SkyZone, Altitude, American Dream, Uptown Jungle, Flip Out, WhoaZone, Oxygen, Innoflate, and Jumpsquare, we understand the unique needs of playcenters, family entertainment centers, wake parks, water parks, trampoline parks, theme parks, amusement parks, indoor climbing facilities, children's museums, zoos, aquariums and more.
-
10
OWASP Juice Shop
Probably the most modern and sophisticated insecure web application
OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications! Juice Shop is written in Node.js, Express and Angular. -
11
ModSecurity Nginx Connector
ModSecurity v3 Nginx Connector
...It integrates WAF processing into the NGINX request/response phases, allowing rules to inspect headers, bodies, and even streaming request data before it reaches upstream apps. Operators can load the OWASP Core Rule Set or custom rules to detect and block common attacks such as SQLi, XSS, RCE patterns, and protocol anomalies. The module exposes directives for enabling audit logging, anomaly scoring, request body buffering limits, and performance tuning to fit high-traffic deployments. Because it’s a native NGINX module, it benefits from NGINX’s event-driven architecture and can be compiled as a dynamic module for flexible packaging. ... -
12
OWASP Mobile Application Security
Manual for mobile app security testing and reverse engineering
The OWASP Mobile Application Security (MAS) flagship project provides a security standard for mobile apps (OWASP MASVS) and a comprehensive testing guide (OWASP MASTG) that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results. -
13
OWASP Mobile Security Testing Guide
Manual for mobile app security development and testing
We are writing a security standard for mobile apps and a comprehensive testing guide that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results. The MSTG is a comprehensive manual for mobile app security testing and reverse engineering for iOS and Android mobile security testers. The OWASP Mobile Application Security Verification Standard (MASVS) is, as the name implies, a standard for mobile app security. It can be used by mobile software architects and developers seeking to develop secure mobile applications, as well as security testers to ensure completeness and consistency of test results. A checklist is available for use in security assessments that is based on the MASVS and MSTG and contains links to the MSTG test case for each requirement. -
14
Harness
Harness Open Source is an end-to-end developer platform
Harness is a CI/CD platform (available as SaaS/On-prem) that automates build, test, and deployment workflows. It offers pipeline-as-code YAML definitions, AI-optimized builds, policy-driven governance, multi-environment deployment templates (canary, blue/green), and integrated security scanning. -
15
ngx_waf
Handy, High performance, ModSecurity compatible Nginx firewall module
...The IP detection is a constant-time operation. Most of the remaining inspections use caching to improve performance. Compatible with ModSecurity's rules, you can use OWASP ModSecurity Core Rule Set. Supports verifying Google, Bing, Baidu and Yandex crawlers and allowing them automatically to avoid false positives. Supports three kinds of captchas: hCaptcha, reCAPTCHAv2 and reCAPTCHAv3. -
16
bearer
Code security scanning tool (SAST) to discover security risks
...Bearer is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). We provides built-in rules against a common set of security risks and vulnerabilities, known as OWASP Top 10. Leakage of sensitive data through cookies, internal loggers, third-party logging services, and into analytics environments. Usage of weak encryption libraries or misusage of encryption algorithms. Unencrypted incoming and outgoing communication (HTTP, FTP, SMTP) of sensitive information. Non-filtered user input. Hard-coded secrets and tokens. ... -
17
SCS
HTTP Session Management for Go
...Easy to extend and customize. Communicate session tokens to/from clients in HTTP headers or request/response bodies. SCS implements a session management pattern following the OWASP security guidelines. Session data is stored on the server, and a randomly-generated unique session token (or session ID) is communicated to and from the client in a session cookie. Most applications will use the LoadAndSave() middleware. This middleware takes care of loading and committing session data to the session store, and communicating the session token to/from the client in a cookie as necessary. -
18
Code Quality and Security for Java
SonarSource Static Analyzer for Java Code Quality and Security
...Allow you to effortlessly repair your Java coding issues with just a click. Dozens of rules to ensure your tests are always as clean as your code! Dedicated rules to detect vulnerabilities including ones stemming from OWASP & CWE Top 25 guidelines. It all comes from a powerful analysis engine that we constantly refine. Sonar employs advanced rules along with smart, exclusive analysis techniques to find the trickiest, most elusive issues. -
19
bluemonday
Fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer
bluemonday is an HTML sanitizer implemented in Go. It is fast and highly configurable. bluemonday takes untrusted user-generated content as an input, and will return HTML that has been sanitized against an allowlist of approved HTML elements and attributes so that you can safely include the content in your web page. If you accept user-generated content, and your server uses Go, you need bluemonday. It protects sites from XSS attacks. There are many vectors for an XSS attack and the best way... -
20
CacheGuard WAF
Web Application Firewall
CacheGuard WAF (Web Application Firewall) allows you to protect your Web applications against content attacks such as but not limited to XSS, SQL injections and Virus injections. CacheGuard WAF is designed to be implemented as a filtering reverse proxy in front of Web servers. In addition, an IP reputation based module allows you to block all requests coming from real time blacklisted IPs. CacheGuard WAF is distributed as an open source OS to install on a virtual or hardware machine. Once... -
21
ScaNetOS
Entorno funcional para auditoría web y pentesting
ScaNetOS : Entorno de Auditoría Web Automatizada (v1.0) ScaNetOS es una Máquina Virtual en formato .OVA, diseñada para ser una máquina de análisis web y pentesting preconfigurada. Su objetivo es proporcionar un entorno de trabajo rápido y eficiente para pentesters éticos y analistas de seguridad enfocados en la auditoría de aplicaciones web y APIs. El corazón de esta MV es el ScaNet Panel (Script Bash v1.0), un menú centralizado que orquesta herramientas avanzadas y automatiza los... -
22
Vulnerable Web Apps
Vulnerable Web Apps virtual appliance to learn application security.
...Last version is an Ubuntu 22.04 server appliance, which includes the following applications: Version 4 Running on port 80: - bWAPP - Damn Vulnerable Web Application - OWASP Hackademic - OWASP Mutillidae Running on port 81: - Hackazon Running on port 82: - Conviso Vulnerable Web App Running on port 83: - Generic University Running on port 3000: - OWASP Juice Shop Running on port 9000: - Authlab -
23
VisualCodeGrepper V2.3.2
Code security review tool for C/C++, C#, VB, PHP, Java, PL/SQL, COBOL.
...It attempts to find phrases within comments that can indicate broken code and it provides stats and a pie chart (for the entire codebase and for individual files) showing relative proportions of code, whitespace, comments, 'ToDo'-style comments and bad code. I've tried to produce something which searches intelligently for buffer overflows and signed/unsigned comparison in C, violations of OWASP recommendations in Java code, etc. Current version: 2.3.2 -
24
AIAST
AIAST –An advanced interactive application security tool
AIAST –An advanced interactive application security tool identifying vulnerabilities in both self-developed code and open-source dependencies. Seamlessly integrate into CI/CD and can be applied in both application development phase and application deployment phase. ZeroDay –A global company headquartered in the U.K., focusing on R&D of state-of-the-art application security testing tools. Shift left security, and build security into DevSecOps. Technical Details Identifying... -
25
The Lift Web Framework
Lift Framework
Lift is the most powerful, most secure web framework available today. There are Seven Things that distinguish Lift from other web frameworks. Lift apps are resistant to common vulnerabilities including many of the OWASP Top 10. Lift apps are fast to build, concise and easy to maintain. Lift apps are high-performance and scale in the real world to handle insane traffic levels. Lift's Comet support is unparalled and Lift's ajax support is super-easy and very secure. Because Lift applications are written in Scala, an elegant JVM language, you can still use your favorite Java libraries and deploy to your favorite Servlet Container and app server. ...
