Search Results for "owasp"
Sort By:
Showing 20 open source projects for "owasp"
View related business solutions-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
Cloud tools for web scraping and data extractionAutomate web data collection with cloud tools that handle anti-bot measures, browser rendering, and data transformation out of the box. Extract content from any website, push to vector databases for RAG workflows, or pipe directly into your apps via API. Schedule runs, set up webhooks, and connect to your existing stack. Free tier available, then scale as you need to.
-
1
OWASP Find Security Bugs
The SpotBugs plugin for security audits of Java web applications
...Command line integration is available with Ant and Maven. Can be used with systems such as Jenkins and SonarQube. Extensive references are given for each bug patterns with references to OWASP Top 10 and CWE. -
2
Coraza
OWASP Coraza WAF is a golang modsecurity compatible firewall library
Coraza is an open-source, enterprise-grade, high-performance Web Application Firewall (WAF) ready to protect your beloved applications. It is written in Go, supports ModSecurity SecLang rulesets and is 100% compatible with the OWASP Core Rule Set. Coraza is a drop-in alternative to replace the soon-to-be abandoned Trustwave ModSecurity Engine and supports industry-standard SecLang rule sets. Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages. ... -
3
Retire.js
Scanner detecting the use of JavaScript libraries
...An icon on the address bar displays will also indicate if vulnerable libraries were loaded. Retire.js has been adapted as a plugin for the penetration testing tools Burp and OWASP ZAP. -
4
ZAP
The OWASP ZAP core project
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. -
Desktop and Mobile Device Management SoftwareDesktop Central is a unified endpoint management (UEM) solution that helps in managing servers, laptops, desktops, smartphones, and tablets from a central location.
-
5
O-Saft
O-Saft - OWASP SSL advanced forensic tool
O-Saft is an OWASP project that offers an advanced SSL/TLS analysis tool. It provides detailed information about SSL certificates and tests SSL connections against specified cipher lists, aiding in the assessment of SSL/TLS configurations. -
6
OWASP Juice Shop
Probably the most modern and sophisticated insecure web application
OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications! Juice Shop is written in Node.js, Express and Angular. -
7
Harness
Harness Open Source is an end-to-end developer platform
Harness is a CI/CD platform (available as SaaS/On-prem) that automates build, test, and deployment workflows. It offers pipeline-as-code YAML definitions, AI-optimized builds, policy-driven governance, multi-environment deployment templates (canary, blue/green), and integrated security scanning. -
8
bearer
Code security scanning tool (SAST) to discover security risks
...Bearer is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). We provides built-in rules against a common set of security risks and vulnerabilities, known as OWASP Top 10. Leakage of sensitive data through cookies, internal loggers, third-party logging services, and into analytics environments. Usage of weak encryption libraries or misusage of encryption algorithms. Unencrypted incoming and outgoing communication (HTTP, FTP, SMTP) of sensitive information. Non-filtered user input. Hard-coded secrets and tokens. ... -
9
Code Quality and Security for Java
SonarSource Static Analyzer for Java Code Quality and Security
...Allow you to effortlessly repair your Java coding issues with just a click. Dozens of rules to ensure your tests are always as clean as your code! Dedicated rules to detect vulnerabilities including ones stemming from OWASP & CWE Top 25 guidelines. It all comes from a powerful analysis engine that we constantly refine. Sonar employs advanced rules along with smart, exclusive analysis techniques to find the trickiest, most elusive issues. -
Free and Open Source HR SoftwareGive your HR team the tools they need to streamline administrative tasks, support employees, and make informed decisions with the OrangeHRM free and open source HR software.
-
10
VisualCodeGrepper V2.3.2
Code security review tool for C/C++, C#, VB, PHP, Java, PL/SQL, COBOL.
...It attempts to find phrases within comments that can indicate broken code and it provides stats and a pie chart (for the entire codebase and for individual files) showing relative proportions of code, whitespace, comments, 'ToDo'-style comments and bad code. I've tried to produce something which searches intelligently for buffer overflows and signed/unsigned comparison in C, violations of OWASP recommendations in Java code, etc. Current version: 2.3.2 -
11
The Lift Web Framework
Lift Framework
Lift is the most powerful, most secure web framework available today. There are Seven Things that distinguish Lift from other web frameworks. Lift apps are resistant to common vulnerabilities including many of the OWASP Top 10. Lift apps are fast to build, concise and easy to maintain. Lift apps are high-performance and scale in the real world to handle insane traffic levels. Lift's Comet support is unparalled and Lift's ajax support is super-easy and very secure. Because Lift applications are written in Scala, an elegant JVM language, you can still use your favorite Java libraries and deploy to your favorite Servlet Container and app server. ... -
12
Insider
Static Application Security Testing (SAST) engine
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on agile and easy-to-implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET. Insider is focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. ... -
13
NodeGoat
The OWASP NodeGoat project
A deliberately vulnerable Node.js application designed for security training, helping developers understand common web vulnerabilities and how to mitigate them. -
14
Offensive Web Testing Framework
Offensive Web Testing Framework (OWTF), is a framework
OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST so that pentesters will have more time to see the big picture and think out of the box. More efficiently find, verify and combine vulnerabilities. -
15
OWASP Security Shepherd
Web and mobile application security awareness/training platform
The OWASP Security Shepherd project enables users to learn or to improve upon existing manual penetration testing skills. Utilizing the OWASP top ten as a challenge test bed, common security vulnerabilities can be explored and their impact on a system understood. The by-product of this challenge game is the acquired skill to harden a player's own environment from OWASP top ten security risks. -
16
xxe
Intentionally vulnerable web services exploitable with XXE
...This zipped Ubuntu VM is set up as a Capture the Flag with those that successfully exploit the XXE vulnerability able to place their name on a leaderboard. As with other challenges in the OWASP Vicnum project the overall purpose is to have fun and generate interest in the topic. This challenge was used in an OWASP APPSEC 'Breaking Bad' event. -
17
Hcon Security Testing Framework
Open Source Penetration Testing / Ethical Hacking Framework
HconSTF is Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability scanning assessments.contains webtools which are powerful in doing xss(cross site scripting), Sql injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. Even useful to anybody interested in information security domain - students, Security Professionals,web developers, manual vulnerability assessments and much more. -
18
phprbac
PHP Role Based Access Control library
...PHP RBAC is compatible with NIST Level 2 RBAC standard and provides even more, with best performance yet available for any authorization library, and its for PHP. Note: Development and support has been moved to Github (https://github.com/OWASP/rbac). New releases will continue to be released here on SF. -
19
Orizon is a framework intended to provide tools and facilities to test java sources for security flaws. The main goal is to detect common threats as described in Owasp top 10 vulnerability document.
-
20
The Filters project team are building API's which will filter malicious input to applications that is used to launch various attacks. The filters will sanitize input rendering it harmless and detect specific attacks. This project will develop imple
- Previous
- You're on page 1
- Next
