caido
wstg
| caido | wstg | |
|---|---|---|
| 7 | 27 | |
| 822 | 6,735 | |
| 7.1% | 2.1% | |
| 6.7 | 7.6 | |
| 18 days ago | 10 days ago | |
| TypeScript | Dockerfile | |
| - | Creative Commons Attribution Share Alike 4.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
caido
-
Autorize â The most popular tool to discover AuthZ/AuthN flaws
Caido[1] a interception proxy written in Rust, is positioning itself as a "lightweight" alternative to Burp. It can't compete yet with Burp in terms of functionality, although it's certainly looking promising.
Perhaps one of few contenders to Burp in respect to features is ZAP[2].
[1] https://caido.io/
[2] https://www.zaproxy.org/
-
Show HN: PÄkiki Proxy â An intercepting proxy for penetration pesting
Thanks for the review and kind words. This was really one of the core goal to make it super accessible.
We developed it in Rust because we wanted to create a client/server architecture that you can deploy everywhere (Caido runs even on a rapsberry pi). We worked a lot on the frontend to make it snappy too, so its a combination of both.
Yes for sure, there is a privacy concern too with us forwarding request. It is in the issues of https://github.com/caido/caido.
-
Good alternative to postman ?
I have not tried it myself, but there is a tool called Caido https://www.youtube.com/watch?v=qLVu7rg9btk
-
Public beta of Caido, a BurpSuite alternative
Yes we are planning to work on extensions, but it is a bit more complicated to do in compiled languages like Rust and we have some tech debt to repay before we can start the work on that. You can follow the issue https://github.com/caido/caido/issues/2
- Show HN: Caido, a lightweight web security auditing toolkit
wstg
-
Where do you focus your time and energy?
At the beginning, I read all things in here https://owasp.org/www-project-web-security-testing-guide/, also gets familiars with owasp top 10. But later on, I focus on a few techniques only.
-
XSS
I highly recommend PortSwigger's Web Security Academy and have a look at the OWASP Web Security Testing Guide.
- Como identificar vulnerabilidades no cĂłdigo fonte?
- Internal pentesting course
-
I need some Help
You can follow OWASP web testing guide to learn about the test cases performed during testing.
-
Ask HN: Fallback remote job options for an experienced developer in the U.S.?
Most web app testing is performed using this guide https://owasp.org/www-project-web-security-testing-guide/
- Which security strategies can you recommend?
-
Pentest on web app priority
I highly recommend the OWASP Testing Guide: https://owasp.org/www-project-web-security-testing-guide/
-
Web App Pentesting Career
Hi, sit and learn https://owasp.org/www-project-web-security-testing-guide/ that's the best way, than may be EJPT.
-
Git branching for small teams
A short-lived branch-per-issue helps ensure that its resulting pull request doesnât get too large, making it unwieldy and hard to review carefully. The definition of âshortâ varies depending on the team or projectâs development velocity: for a small team producing a commercial app (like a startup), the time from issue branch creation to PR probably wonât exceed a week. For open source projects like the OWASP WSTG that depends on volunteers working around busy schedules, branches may live for a few weeks to a few months, depending on the contributor. Generally, strive to iterate in as little time as possible.
What are some alternatives?
offensive-docker - Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
OWASP-Testing-Checklist - OWASP based Web Application Security Testing Checklist is an Excel based checklist which helps you to track the status of completed and pending test cases.
Proxyman - Modern. Native. Delightful Web Debugging Proxy for macOS, iOS, and Android âĄď¸
owasp-masvs - The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
ZAP - The ZAP core project
API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
murder - Large scale server deploys using BitTorrent and the BitTornado library
bugbounty-cheatsheet - A list of interesting payloads, tips and tricks for bug bounty hunters.
Hoppscotch - Open source API development ecosystem.
Damn-Vulnerable-Bank - Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.