Top 23 application-security Open-Source Projects

• CheatSheetSeries

  16 24,675 0.0 Python

  The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

  

  Project mention: Ask HN: Best Practices Guides You're Aware Of | news.ycombinator.com | 2023-06-21

• juice-shop

  7 8,673 9.2 TypeScript

  OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

  

  Project mention: Web Application Gauntlet | /r/bugbounty | 2023-06-29

  Just grab the source code and modify it. Read through the code. Make the shop sell new things. Why start from scratch on such a broad and complex topic?

• InfluxDB

  www.influxdata.com

  sponsored

  Collect and Analyze Billions of Data Points in Real Time. Manage all types of time series data in a single, purpose-built database. Run at any scale in any environment in the cloud, on-premises, or at the edge.

  

• wstg

  4 5,922 0.0 Dockerfile

  The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

  

  Project mention: Internal pentesting course | /r/Pentesting | 2023-03-03

• awesome-appsec

  0 5,772 0.0 PHP

  A curated list of resources for learning about application security

  

• WhatWeb

  0 4,744 0.0 Ruby

  Next generation web scanner

• security-study-plan

  3 3,808 10.0

  Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

  Project mention: Understanding Cloud Architectue | /r/cybersecurity | 2023-01-07

  I recently bumped into https://github.com/jassics/security-study-plan which gives imho decent pointers if you are looking for a security related learning plan.

• command-injection-payload-list

  1 2,241 0.0

  🎯 Command Injection Payload List

  

  Project mention: practical command injection - command injection room | /r/tryhackme | 2022-12-10

  Nothing I do is working. The payloads discussed during the room are not working. Nothing in this cheat sheet is working either https://github.com/payloadbox/command-injection-payload-list

• Mergify

  blog.mergify.com

  sponsored

  Updating dependencies is time-consuming.. Solutions like Dependabot or Renovate update but don't merge dependencies. You need to do it manually while it could be fully automated! Add a Merge Queue to your workflow and stop caring about PR management & merging. Try Mergify for free.

  

• content

  2 1,900 9.9 Shell

  Security automation content in SCAP, Bash, Ansible, and other formats (by ComplianceAsCode)

  

  Project mention: Oracle linux CIS benchmark | /r/ansible | 2023-06-07

• metlo

  19 1,463 10.0 TypeScript

  Metlo is an open-source API security platform.

  

  Project mention: Using Metlo to Secure My Personal Finance App | dev.to | 2023-06-29

  So far, I’ve been using Metlo's protection features to initially test out its capabilities on my app, but there’s still a whole other Testing feature that it has that I'm starting to look into. Everything I’ve tried out has been pretty quick and easy so hopefully I can play around with the Testing more to help me catch any other authentication or authorization vulnerabilities that might exist in my app. If this is something that interests you, you can check it out at https://metlo.com .

• learn365

  0 1,422 0.0

  This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.

• Androl4b

  0 1,041 0.0

  A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

• awesome-devsecops

  1 1,027 0.0

  Curating the best DevSecOps resources and tooling. (by TaptuIT)

  

  Project mention: DevSecOps Help | /r/cybersecurity | 2023-03-04

• awesome-php-security

  0 885 0.0

  Awesome PHP Security Resources 🕶🐘🔐

  

• Autorize

  2 721 10.0 Python

  Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

  Project mention: Plugins that allow you to automate the Authentication and Authorization Security Testin | dev.to | 2022-12-06

  View on GitHub

• Application-Security-Engineer-Interview-Questions

  0 543 0.0

  Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

• Damn-Vulnerable-Bank

  0 539 0.0 Java

  Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

• openappsec

  23 364 10.0 C++

  open-appsec is an open-source machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. It is available for NGINX, NGINX Ingress, Envoy (Soon), Kong (Soon), Ambassador (Soon).

  

  Project mention: Seeking contributors for a security open-source project | /r/developersIndia | 2023-09-16

  If someone in the community is interested in doing these projects, we will be happy to guide and help you. The contributions guidelines are available here: https://github.com/openappsec/openappsec/blob/main/CONTRIBUTING.md

• awesome-ios-security

  0 364 0.0

  A curated list of awesome iOS application security resources.

• continuous-threat-modeling

  0 274 0.0

  A Continuous Threat Modeling methodology

  

• ThreatPlaybook

  0 256 0.0 Python

  A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

  

• Free-RASP-Community

  1 198 5.1

  SDK providing app protection and threat monitoring for mobile devices, available for Flutter, Cordova, Android and iOS.

  

  Project mention: Attempt#2 - HELP! I'm looking for beta testers for my app, and would be great if this post doesn't get deleted | /r/algeria | 2023-06-10

  if i may ask, how did you test the app? would you recommend this?

• crimson

  0 183 0.0 Python

  Web Application Security Testing Tools

• PyCript

  4 142 10.0 Python

  Burp Suite extension for bypassing client-side encryption using custom logic for manual and automation testing.

  Project mention: PyCript 0.2: Burp Suite extension for bypassing client and server side. Allowing you to write your own custom logic in Python, JavaScript and Java. | /r/cybersecurity | 2023-05-19

• Sonar

  www.sonarsource.com

  sponsored

  Write Clean Python Code. Always.. Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.

  

application-security related posts

• Seeking contributors for a security open-source project
  1 project | /r/developersIndia | 16 Sep 2023
• open-appsec seeking contributors
  1 project | /r/opensource | 20 Jul 2023
• Web Application Gauntlet
  2 projects | /r/bugbounty | 29 Jun 2023
• PyCript 0.2: Burp Suite extension for bypassing client and server side. Allowing you to write your own custom logic in Python, JavaScript and Java.
  1 project | /r/cybersecurity | 19 May 2023
• Release 0.2 · PyCript BurpSuite Extension
  1 project | /r/netsec | 19 May 2023
• 5 Common Server Vulnerabilities with Node.js (with code examples and solutions)
  1 project | /r/node | 6 Mar 2023
• DevSecOps Help
  1 project | /r/cybersecurity | 4 Mar 2023
• A note from our sponsor - Sonar
  www.sonarsource.com | 24 Sep 2023

  Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work. Learn more →

Index

Sponsored

Write Clean Python Code. Always.

Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.

www.sonarsource.com