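A collection of security cheat sheets created by OWASP, intended to help readers build more secure applications
MobSF (Mobile Security Framework) is an automated framework and tool for detecting security issues in mobile applications (Android/iOS/Windows); it supports static and dynamic analysis for penetration testing, malware analysis and security assessment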
#Capture the Flag (CTF) and cybersecurity resources#A collection of hacking / penetration testing resources to make you better!
In-depth attack surface mapping and asset discovery
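#Capture the Flag (CTF) and cybersecurity resources#OWASP Juice Shop: probably the most insecure modern, complex website. Intended for learning about vulnerabilities; it contains many popular security vulnerabilities.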
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
A curated list of resources for learning about application security
A list of web application security
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
DevSecOps, ASPM, Vulnerability Management. All on one platform.
DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Awesome Node.js Security resources
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Compliance/Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS...
#Awesome#😎 🔗 Awesome list about all kinds of resources for learning Ethical Hacking and Penetration Testing.
Automated Security Testing For REST APIs
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library