appsec · GitHub Topics | GitHub 中文社区

CheatSheetSeries

Web应用程序安全项目@OWASP

OWASP组织创建的安全速查表，目标是帮助阅读者构建更加安全的应用程序

owasp code security cheatsheets best-practices appsec application-security

Python28.2 k

10 小时前

zaproxy

OWASP ZAP@zaproxy

OWASP Zed Attack Proxy（ZAP）是世界上最受欢迎的免费安全工具之一。ZAP可以帮助我们在开发和测试应用程序过程中，自动发现 Web应用程序中的安全漏洞。另外，它也是一款提供给具备丰富经验的渗透测试人员进行人工安全测试的优秀工具。

zap zap-development dast appsec zaproxy security security-scanner hacktoberfest

Java12.77 k

3 天前

dirsearch

@maurosoria

Web path scanner

翻译 - 网络路径扫描仪

fuzzer fuzzing python security dirsearch hacking pentesting penetration-testing bug-bounty appsec

Python12.21 k

4 天前

juice-shop

@juice-shop

#夺旗赛 (CTF) 和网络安全资源# OWASP Juice Shop：可能是最不安全的现代化，复杂的网站。用于漏洞学习目的，包含多种热门安全漏洞。

owasp javascript vulnerable hacking application-security owasp-top-10 owasp-top-ten pentesting vulnapp appsec

TypeScript10.49 k

2 天前

wstg

Web应用程序安全项目@OWASP

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

翻译 - Web 安全测试指南是一个全面的开源指南，用于测试 Web 应用程序和 Web 服务的安全性。

best-practices appsec appsec-tutorials guide owasp vulnerability-assessment bugbounty penetration-testing pentesting application-security

Dockerfile7.34 k

3 天前

security-study-plan

@jassics

网络安全工程师学习计划

aws-security study-guide study-plan appsec appsec-tutorials azure-security devsecops-university gcp-security pentesting application-security

4.42 k

23 天前

Security-101

Microsoft@microsoft

8 Lessons, Kick-start Your Cybersecurity Learning.

appsec cia-triad data-protection data-security iam identity risk-management secops security threat-modeling

HTML4.41 k

4 个月前

interactsh

ProjectDiscovery@projectdiscovery

An OOB interaction gathering server and client library

翻译 - OOB交互收集服务器和客户端库

appsec oast dns security http smtp ldap oob bugbounty golang

Go3.44 k

12 天前

dependency-track

@DependencyTrack

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

owasp appsec security bom vulnerabilities component-analysis nvd software-security software-composition-analysis sca

Java2.71 k

2 天前

ziti

@openziti

The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti

networking vpn-2 appsec network zero-trust zero-trust-cloud zero-trust-network zero-trust-network-access zero-trust-security ztaa

Go2.63 k

2 个月前

bearer

@Bearer

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

appsec compliance devsecops devsecops-tools security security-tools dataflow gdpr privacy sast

Go2.04 k

7 天前

cicd-goat

@cider-security-research

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

appsec cicd devops infosec devsecops security jenkins ctf

Python1.95 k

4 个月前

mutillidae

@webpwnized

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, secu...

翻译 - OWASP Mutillidae II是一个免费的，开放源代码，故意易受攻击的Web应用程序，它是Web安全爱好者的目标。可以使用LAMP，WAMP和XAMMP将Mutillidae安装在Linux和Windows上。它已预安装在SamuraiWTF和OWASP BWA上。可以在这些平台上更新现有版本。具有数十个漏洞和提示来帮助用户；这是一个易于使用的Web黑客环境，设计用于实验室，安全爱好者，教室，CTF和漏洞评估工具目标。 Mutillidae已用于研究生安全课程，公司网络sec培训课程中，并作为漏洞评估软件的“评估评估者”目标。

security owasp owasp-top-10 cybersecurity training web application top 10 appsec

PHP1.26 k

10 天前

vapi

@roottusk

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

翻译 - vAPI 是易受攻击的不利编程接口，它是一种自我托管的 API，它以练习的方式模仿 OWASP API 前 10 名场景。

owasp api apitop10 owasp-top-10 owasp-top-ten vulnerable-application appsec appsec-tutorials bugbounty hacktoberfest

HTML1.18 k

1 年前

www-community

Web应用程序安全项目@OWASP

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

翻译 - OWASP社区页面是OWASP可以接受社区对安全相关内容的贡献的地方。

owasp appsec community-project

HTML1.13 k

6 小时前

Open-Source-Security-Guide

@mikeroyal

Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

devsecops best-practices security vulnerabilities compliance security-hardening appsec owasp gdpr cve-scanning

Go919

1 年前

railsgoat

Web应用程序安全项目@OWASP

A vulnerable version of Rails that follows the OWASP Top 10

翻译 - 遵循OWASP Top 10的Rails的脆弱版本

rails security appsec ruby ruby-on-rails owasp-top vulnerabilities

HTML869

3 个月前