Open-source projects categorized as application-security

Top 23 application-security Open-Source Projects

  • CheatSheetSeries

    The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

    Project mention: Ask HN: Best Practices Guides You're Aware Of | | 2023-06-21
  • juice-shop

    OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

    Project mention: Web Application Gauntlet | /r/bugbounty | 2023-06-29

    Just grab the source code and modify it. Read through the code. Make the shop sell new things. Why start from scratch on such a broad and complex topic?

  • InfluxDB

    Collect and Analyze Billions of Data Points in Real Time. Manage all types of time series data in a single, purpose-built database. Run at any scale in any environment in the cloud, on-premises, or at the edge.

  • wstg

    The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

    Project mention: Internal pentesting course | /r/Pentesting | 2023-03-03
  • awesome-appsec

    A curated list of resources for learning about application security

  • WhatWeb

    Next generation web scanner

  • security-study-plan

    Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

    Project mention: Understanding Cloud Architectue | /r/cybersecurity | 2023-01-07

    I recently bumped into which gives imho decent pointers if you are looking for a security related learning plan.

  • command-injection-payload-list

    🎯 Command Injection Payload List

    Project mention: practical command injection - command injection room | /r/tryhackme | 2022-12-10

    Nothing I do is working. The payloads discussed during the room are not working. Nothing in this cheat sheet is working either

  • Mergify

    Updating dependencies is time-consuming.. Solutions like Dependabot or Renovate update but don't merge dependencies. You need to do it manually while it could be fully automated! Add a Merge Queue to your workflow and stop caring about PR management & merging. Try Mergify for free.

  • content

    Security automation content in SCAP, Bash, Ansible, and other formats (by ComplianceAsCode)

    Project mention: Oracle linux CIS benchmark | /r/ansible | 2023-06-07
  • metlo

    Metlo is an open-source API security platform.

    Project mention: Using Metlo to Secure My Personal Finance App | | 2023-06-29

    So far, I’ve been using Metlo's protection features to initially test out its capabilities on my app, but there’s still a whole other Testing feature that it has that I'm starting to look into. Everything I’ve tried out has been pretty quick and easy so hopefully I can play around with the Testing more to help me catch any other authentication or authorization vulnerabilities that might exist in my app. If this is something that interests you, you can check it out at .

  • learn365

    This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.

  • Androl4b

    A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

  • awesome-devsecops

    Curating the best DevSecOps resources and tooling. (by TaptuIT)

    Project mention: DevSecOps Help | /r/cybersecurity | 2023-03-04
  • awesome-php-security

    Awesome PHP Security Resources 🕶🐘🔐

  • Autorize

    Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

    Project mention: Plugins that allow you to automate the Authentication and Authorization Security Testin | | 2022-12-06

    View on GitHub

  • Application-Security-Engineer-Interview-Questions

    Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

  • Damn-Vulnerable-Bank

    Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

  • openappsec

    open-appsec is an open-source machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. It is available for NGINX, NGINX Ingress, Envoy (Soon), Kong (Soon), Ambassador (Soon).

    Project mention: Seeking contributors for a security open-source project | /r/developersIndia | 2023-09-16

    If someone in the community is interested in doing these projects, we will be happy to guide and help you. The contributions guidelines are available here:

  • awesome-ios-security

    A curated list of awesome iOS application security resources.

  • continuous-threat-modeling

    A Continuous Threat Modeling methodology

  • ThreatPlaybook

    A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

  • Free-RASP-Community

    SDK providing app protection and threat monitoring for mobile devices, available for Flutter, Cordova, Android and iOS.

    Project mention: Attempt#2 - HELP! I'm looking for beta testers for my app, and would be great if this post doesn't get deleted | /r/algeria | 2023-06-10

    if i may ask, how did you test the app? would you recommend this?

  • crimson

    Web Application Security Testing Tools

  • PyCript

    Burp Suite extension for bypassing client-side encryption using custom logic for manual and automation testing.

    Project mention: PyCript 0.2: Burp Suite extension for bypassing client and server side. Allowing you to write your own custom logic in Python, JavaScript and Java. | /r/cybersecurity | 2023-05-19
  • Sonar

    Write Clean Python Code. Always.. Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2023-09-16.

application-security related posts


What are some of the best open-source application-security projects? This list will help you:

Project Stars
1 CheatSheetSeries 24,675
2 juice-shop 8,673
3 wstg 5,922
4 awesome-appsec 5,772
5 WhatWeb 4,744
6 security-study-plan 3,808
7 command-injection-payload-list 2,241
8 content 1,900
9 metlo 1,463
10 learn365 1,422
11 Androl4b 1,041
12 awesome-devsecops 1,027
13 awesome-php-security 885
14 Autorize 721
15 Application-Security-Engineer-Interview-Questions 543
16 Damn-Vulnerable-Bank 539
17 openappsec 364
18 awesome-ios-security 364
19 continuous-threat-modeling 274
20 ThreatPlaybook 256
21 Free-RASP-Community 198
22 crimson 183
23 PyCript 142
Write Clean Python Code. Always.
Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.