The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Updated Aug 1, 2025 - Python
Web path scanner
Open Source Vulnerability Management Platform
w3af: web application attack and audit framework, the open source web vulnerability scanner.
CTF challenge (mostly pwn) files, scripts etc
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependencies. CI and Git friendly.
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.
A library for detecting known secrets across many web frameworks
Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.
This project is about creating and publishing threat model examples.
Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).
A Burp extension that helps identify injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violations, while also converting HTTP requests to JavaScript for enhanced XSS exploitation.
Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
🔍 A cutting edge context aware GraphQL API fuzzing tool!
Determine whether your compute is truly vulnerable to a specific vulnerability by accounting for all factors which affect *actual* exploitability (runtime execution, configuration, permissions, existence of a mitigation, OS, etc.)