Search Results for "owasp broken web"
Sort By:
Showing 23 open source projects for "owasp broken web"
View related business solutions-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
Automate contact and company data extractionGenerate leads at scale without building or maintaining scrapers. Use 10,000+ ready-made tools that handle authentication, pagination, and anti-bot protection. Pull data from business directories, social profiles, and public sources, then export to your CRM or database via API. Schedule recurring extractions, enrich existing datasets, and integrate with your workflows.
-
1
OWASP Find Security Bugs
The SpotBugs plugin for security audits of Java web applications
The SpotBugs plugin for security audits of Java web applications. Find Security Bugs is the SpotBugs plugin for security audits of Java web applications. It can detect 141 different vulnerability types with over 823 unique API signatures. Cover popular frameworks including Spring-MVC, Struts, Tapestry and many more. Plugins are available for Eclipse, IntelliJ / Android Studio and NetBeans. -
2
Coraza
OWASP Coraza WAF is a golang modsecurity compatible firewall library
Coraza is an open-source, enterprise-grade, high-performance Web Application Firewall (WAF) ready to protect your beloved applications. It is written in Go, supports ModSecurity SecLang rulesets and is 100% compatible with the OWASP Core Rule Set. Coraza is a drop-in alternative to replace the soon-to-be abandoned Trustwave ModSecurity Engine and supports industry-standard SecLang rule sets. Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. ... -
3
Retire.js
Scanner detecting the use of JavaScript libraries
There is a plethora of JavaScript libraries for use on the web and in node.js apps out there. This greatly simplifies, but we need to stay updated on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 and insecure libraries can pose a huge risk for your web app. The goal of Retire.js is to help you detect the use of versions with known vulnerabilities. -
4
ZAP
The OWASP ZAP core project
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. -
Free and Open Source HR SoftwareGive your HR team the tools they need to streamline administrative tasks, support employees, and make informed decisions with the OrangeHRM free and open source HR software.
-
5
OWASP Juice Shop
Probably the most modern and sophisticated insecure web application
OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications! Juice Shop is written in Node.js, Express and Angular. -
6
OnlineToolsBook
Online tool cheats, write a high-quality manual for online tools
...For someone who frequently resorts to ad-hoc web tools to solve tasks (text manipulation, image processing, conversion, utilities), OnlineToolsBook acts as an aggregator of “cheat sheets” or curated pointer collection rather than a specific application. The intention appears to be long-term: the repository can be updated to reflect new tools, remove broken ones, organize categories, or provide usage hints — so it becomes a living, crowd-maintained reference. -
7
VisualCodeGrepper V2.3.2
Code security review tool for C/C++, C#, VB, PHP, Java, PL/SQL, COBOL.
...In addition to performing some more complex checks it also has a config file for each language that basically allows you to add any bad functions (or other text) that you want to search for. It attempts to find phrases within comments that can indicate broken code and it provides stats and a pie chart (for the entire codebase and for individual files) showing relative proportions of code, whitespace, comments, 'ToDo'-style comments and bad code. I've tried to produce something which searches intelligently for buffer overflows and signed/unsigned comparison in C, violations of OWASP recommendations in Java code, etc. ... -
8
CSS Critic
Lightweight CSS regression testing
A lightweight tool for regression testing of Cascading Style Sheets. Your web stack should be fully testable. CSS Critic closes the gap in front-end testing and makes HTML & CSS testable - no more broken UI. For example, make it supervise changes to your project's responsive style guide so you know things are looking good. We believe that your UI will change often enough that a lightweight process on managing changes (near instant feedback, anyone?) -
9
The Lift Web Framework
Lift Framework
Lift is the most powerful, most secure web framework available today. There are Seven Things that distinguish Lift from other web frameworks. Lift apps are resistant to common vulnerabilities including many of the OWASP Top 10. Lift apps are fast to build, concise and easy to maintain. Lift apps are high-performance and scale in the real world to handle insane traffic levels. -
Desktop and Mobile Device Management SoftwareDesktop Central is a unified endpoint management (UEM) solution that helps in managing servers, laptops, desktops, smartphones, and tablets from a central location.
-
10
Photonix Photo Manager
A modern, web-based photo management server
A modern, web-based photo management server. Run it on your home server and it will let you find the right photo from your collection on any device. Smart filtering is made possible by object recognition, face recognition, location awareness, color analysis and other ML algorithms. This project is currently in development and not feature complete for a version 1.0 yet. -
11
Ooui Web Framework
UI library that brings the simplicity of native UI development to web
...Ooui has been broken up into several packages to increase the variety of ways that it can be used. When the user requests a page, the page will connect to the server using a web socket. This socket is used to keep the server's in-memory model of the UI (the one you work with as a programmer) in sync with the actual UI shown to the user in their browser. -
12
chklinks is a non-threaded Perl link checker. It helps finding broken links on your website. It does not raises many simultaneously connections for its job, run out of the resources and crash your system in a moment.
-
13
NodeGoat
The OWASP NodeGoat project
A deliberately vulnerable Node.js application designed for security training, helping developers understand common web vulnerabilities and how to mitigate them. -
14
Offensive Web Testing Framework
Offensive Web Testing Framework (OWTF), is a framework
OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST so that pentesters will have more time to see the big picture and think out of the box. More efficiently find, verify and combine vulnerabilities. Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions. Perform more tactical/targeted... -
15
webchat
Websocket project based on vue
Websocket project based on vue. Register and log in, chat with others View history, multiple chatrooms, chat with a robot, send pictures, send links, send emoji, preview picture, Message not read, and broken line reconnection. -
16
ACMESharp
An ACME client library and PowerShell client for the .NET platform
...ACMESharp includes features comparable to the official Let's Encrypt client which is the reference implementation for the client-side ACME protocol. The ACMESharp client implementation is broken up into layers that build upon each other. Basic tools and services required for implementing the ACME protocol and its semantics (JSON Web Signature (JWS), PKI operations, client-side persistence) Low-level ACME protocol client library that can interoperate with a compliant ACME server. PowerShell module that implements a powerful client, that functions equally well as a manual tool or a component of a larger automation process, for managing ACME Registrations, Identifiers, etc. -
17
OWASP Security Shepherd
Web and mobile application security awareness/training platform
The OWASP Security Shepherd project enables users to learn or to improve upon existing manual penetration testing skills. Utilizing the OWASP top ten as a challenge test bed, common security vulnerabilities can be explored and their impact on a system understood. The by-product of this challenge game is the acquired skill to harden a player's own environment from OWASP top ten security risks. The modules have been crafted to provide not only a challenge for a security novice, but security... -
18
xxe
Intentionally vulnerable web services exploitable with XXE
An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, port scanning from the perspective of the machine where the parser is located. This zipped Ubuntu VM is set up as a Capture the Flag with those that successfully exploit the XXE vulnerability... -
19
sitecheck
Modular web site spider for web developers.
More than just a link checker, sitecheck is a website spider (also known as a crawler) which can assist with SEO by testing an entire site plus both inbound links from search engines and outbound links to other sites for the following issues: looping redirects (HTTP 301/302), broken links (HTTP 404), server errors (HTTP 500), spelling mistakes, low readability scores (using the Flesch Reading Ease test), missing/empty/duplicate meta tags, duplicate content, slow page speed, W3C validation... -
20
Hcon Security Testing Framework
Open Source Penetration Testing / Ethical Hacking Framework
HconSTF is Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability scanning assessments.contains webtools which are powerful in doing xss(cross site scripting), Sql injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. Even useful to anybody interested in information security domain - students, Security Professionals,web developers, manual vulnerability assessments and much more. -
21
phprbac
PHP Role Based Access Control library
RBAC (role based access control) is the de-facto standard in authorization and access control, because its much easier to maintain and use than traditional ACLs. Unfortunately due to its complicated internals, not many implementations are available. PHP RBAC is compatible with NIST Level 2 RBAC standard and provides even more, with best performance yet available for any authorization library, and its for PHP. Note: Development and support has been moved to Github... -
22
Tryit Editor
A free, open source, and easy to use HTML editor
WEBS TOOK TRYIT EDITOR DOWN, TRYING TO REUPLOAD TRYIT EDITOR TO ANOTHER HOSTING SERVICE. Tryit Editor is a lightweight HTML editor that uses CodeMirror to highlight code. It features an easy to use WYSIWYG interface, as well as many functions, such as saving to local disk. Features automatic updates of main script files. Code is released under MIT license. CodeMirror is copyright Marijn Haverbeke, and is released under a MIT-style license. Read the CodeMirror license at:... -
23
The Filters project team are building API's which will filter malicious input to applications that is used to launch various attacks. The filters will sanitize input rendering it harmless and detect specific attacks. This project will develop imple
- Previous
- You're on page 1
- Next
