The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Updated Jul 16, 2024 - Python
Web path scanner
Open Source Vulnerability Management Platform
w3af: web application attack and audit framework, the open source web vulnerability scanner.
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependencies. CI and Git friendly.
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
A library for detecting known secrets across many web frameworks
This project is about creating and publishing threat model examples.
Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).
A Burp extension that generates dynamic payloads to uncover injection flaws (LFI, RCE, SQLi), creates user access tables to identify authentication and authorization issues, attempts to bypass HTTP 403 access restrictions, and converts HTTP requests to JavaScript code for enhanced XSS exploitation.
Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
Determine whether your compute is truly vulnerable to a specific vulnerability by accounting for all factors which affect *actual* exploitability (runtime execution, configuration, permissions, existence of a mitigation, OS, etc.)
Intentionally Vulnerable Serverless Functions to understand the specifics of Serverless Security Vulnerabilities
An application to assist in the organization and prioritization of software security activities.
Generic SAST Library
A Burp Suite Extension for pentesters and bug bounty hunters to maintain checklists, map flows, write test cases and track vulnerabilities