Top 23 application-security Open-Source Projects
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Project mention: Ask HN: Best Practices Guides You're Aware Of | news.ycombinator.com | 2023-06-21
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Project mention: Web Application Gauntlet | /r/bugbounty | 2023-06-29
Just grab the source code and modify it. Read through the code. Make the shop sell new things. Why start from scratch on such a broad and complex topic?
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Project mention: Internal pentesting course | /r/Pentesting | 2023-03-03
A curated list of resources for learning about application security
Next generation web scanner
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
Project mention: Understanding Cloud Architectue | /r/cybersecurity | 2023-01-07
I recently bumped into https://github.com/jassics/security-study-plan which gives imho decent pointers if you are looking for a security related learning plan.
🎯 Command Injection Payload List
Project mention: practical command injection - command injection room | /r/tryhackme | 2022-12-10
Nothing I do is working. The payloads discussed during the room are not working. Nothing in this cheat sheet is working either https://github.com/payloadbox/command-injection-payload-list
Security automation content in SCAP, Bash, Ansible, and other formats (by ComplianceAsCode)
Project mention: Oracle linux CIS benchmark | /r/ansible | 2023-06-07
Metlo is an open-source API security platform.
Project mention: Using Metlo to Secure My Personal Finance App | dev.to | 2023-06-29
So far, I’ve been using Metlo's protection features to initially test out its capabilities on my app, but there’s still a whole other Testing feature that it has that I'm starting to look into. Everything I’ve tried out has been pretty quick and easy so hopefully I can play around with the Testing more to help me catch any other authentication or authorization vulnerabilities that might exist in my app. If this is something that interests you, you can check it out at https://metlo.com .
This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.
A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
Curating the best DevSecOps resources and tooling. (by TaptuIT)
Project mention: DevSecOps Help | /r/cybersecurity | 2023-03-04
Awesome PHP Security Resources 🕶🐘🔐
Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests
Project mention: Plugins that allow you to automate the Authentication and Authorization Security Testin | dev.to | 2022-12-06
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but I felt these questions were important to be asked and some were challenging to answer
Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
open-appsec is an open-source machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. It is available for NGINX, NGINX Ingress, Envoy (Soon), Kong (Soon), Ambassador (Soon).
Project mention: Seeking contributors for a security open-source project | /r/developersIndia | 2023-09-16
If someone in the community is interested in doing these projects, we will be happy to guide and help you. The contributions guidelines are available here: https://github.com/openappsec/openappsec/blob/main/CONTRIBUTING.md
A curated list of awesome iOS application security resources.
A Continuous Threat Modeling methodology
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
SDK providing app protection and threat monitoring for mobile devices, available for Flutter, Cordova, Android and iOS.
Project mention: Attempt#2 - HELP! I'm looking for beta testers for my app, and would be great if this post doesn't get deleted | /r/algeria | 2023-06-10
If I may ask, how did you test the app? Would you recommend this?
Web Application Security Testing Tools
application-security related posts
Seeking contributors for a security open-source project
1 project | /r/developersIndia | 16 Sep 2023
open-appsec seeking contributors
1 project | /r/opensource | 20 Jul 2023
Web Application Gauntlet
2 projects | /r/bugbounty | 29 Jun 2023
1 project | /r/cybersecurity | 19 May 2023
Release 0.2 · PyCript BurpSuite Extension
1 project | /r/netsec | 19 May 2023
5 Common Server Vulnerabilities with Node.js (with code examples and solutions)
1 project | /r/node | 6 Mar 2023
1 project | /r/cybersecurity | 4 Mar 2023
What are some of the best open-source application-security projects? This list will help you: