owasp-top-10 · GitHub Topics

#夺旗赛 (CTF) 和网络安全资源#OWASP Juice Shop：可能是最不安全的现代化，复杂的网站。用于漏洞学习目的，包含多种热门安全漏洞。

owasp JavaScript vulnerable Hacking application-security owasp-top-10 owasp-top-ten pentesting vulnapp appsec ctf Hacktoberfest 24pullrequests 安全

TypeScript 11.08 k

5 天前

payloadbox / sql-injection-payload-list

#安全#🎯 SQL Injection Payload List

sql-injection attacker owasp-top-10 payloads payload websecurity Bug Bounty security-research Hacking injection-attacks injection

5.38 k

9 个月前

xalgord / Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes

A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.

Bug Bounty Hackathon-Kit Hacking owasp owasp-top-10 bugbountytips collection ethical-hacking

1.52 k

7 个月前

webpwnized / mutillidae

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, secu...

翻译 - OWASP Mutillidae II是一个免费的，开放源代码，故意易受攻击的Web应用程序，它是Web安全爱好者的目标。可以使用LAMP，WAMP和XAMMP将Mutillidae安装在Linux和Windows上。它已预安装在SamuraiWTF和OWASP BWA上。可以在这些平台上更新现有版本。具有数十个漏洞和提示来帮助用户；这是一个易于使用的Web黑客环境，设计用于实验室，安全爱好者，教室，CTF和漏洞评估工具目标。 Mutillidae已用于研究生安全课程，公司网络sec培训课程中，并作为漏洞评估软件的“评估评估者”目标。

安全 owasp owasp-top-10 Cybersecurity training Web application top 10 appsec penetration-testing

PHP 1.33 k

2 个月前

akto-api-security / akto

Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

api-security api-discovery api-security-testing api-testing Authentication authorization devsecops idor owasp-top-10 安全 security-testing sensitive-data-exposure threat-detection Hacktoberfest hacktoberfest2023 devsecops-pipeline

Java 1.25 k

20 小时前

roottusk / vapi

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

翻译 - vAPI 是易受攻击的不利编程接口，它是一种自我托管的 API，它以练习的方式模仿 OWASP API 前 10 名场景。

owasp API apitop10 owasp-top-10 owasp-top-ten vulnerable-application appsec appsec-tutorials Bug Bounty Hacktoberfest Docker Cross-origin resource sharing (CORS)PHP Postman hacktoberfest-accepted exercises

HTML 1.22 k

3 个月前

Zeyad-Azima / Offensive-Resources

#学习与技能提升#A Huge Learning Resources with Labs For Offensive Security Players

API infrastructure learning 安全移动 Web hack Hacking owasp Cybersecurity web-security mobile-security offensive offensive-security red-team owasp-top-10 redteam cloud-security api-security red-teaming

956

3 年前

globocom / secDevLabs

A laboratory for learning secure web and mobile development in a practical manner.

翻译 - 以实用的方式学习安全Web开发的实验室。

owasp-top-10 labs Development training 安全 vulnerability Hacktoberfest hacktoberfest2022

PHP 924

7 个月前

appsecco / dvna

Damn Vulnerable NodeJS Application

翻译 - 该死的脆弱的NodeJS应用程序

Node.js dvna vulnerable-apps vulnerable 安全 owasp-top-10 owasp hack Testing

SCSS 724

1 年前

bmarsh9 / gapps

Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com

compliance 安全 soc2 grc cmmc 27002 iso27001 nist hipaa nist-csf nist800-53 owasp owasp-top-10 csc pci pci-dss

HTML 526

3 个月前

OWASP / iGoat-Swift

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS

ios-security runtime-security ipa owasp-top-10 iOS

C 426

9 个月前

ghostery / local-sheriff

Think of Local sheriff as a recon tool in your browser (WebExtension). While you normally browse the internet, Local Sheriff works in the background to empower you in identifying what data points (PII...

privacy-tools web-extension owasp-top-10 data-leakage sensitive-data-exposure

JavaScript 307

2 年前

ossamayasserr / WebAppPentestRoadmap

#新手入门#Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)

burpsuite Cybersecurity owasp-top-10 penetration-testing pentest 路线图安全 web-security tryhackme portswigger

Python 279

2 年前

globaldatanet / aws-firewall-factory

Enhance the security of your web applications effortlessly with AWS Firewall Factory. Safeguard your valuable assets through seamless WAF deployment, updates, and staging, all centrally managed with A...

Amazon Web Services firewall governance waf TypeScript cdk amazon-web-services devsecops owasp 安全 Hacktoberfest owasp-top-10

TypeScript 245

6 天前

ivan-sincek / forbidden

Bypass 4xx HTTP response status codes and more. The tool is based on Python Requests, PycURL, and HTTP Client.

ethical-hacking offensive-security penetration-testing 安全 Web web-penetration-testing Bug Bounty 403 brute-force bypass cURL owasp-top-10 Python red-team-engagement Fuzzing/Fuzz testing pycurl python-requests

Python 241

1 个月前

akto-api-security / 30-API-security-tests

🚀 Join us for 30days of daily API security tests. #30days30tests We've spent last 120days building amazing API security tests for the community. Next 30 days we will post test tutorials here.

owasp-top-10 安全 Testing

212

2 年前

OWASP / ASST

OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner.

web-vulnerability-scanners Cybersecurity owasp-top-10 owasp vulnerability-scanners vulnerability-detection vulnerability-scanner vulnerability-assessment 安全 security-hardening security-testing

JavaScript 168

3 个月前

moeinfatehi / Backup-Finder

A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)

application-security appsecurity burp burp-extensions burpsuite burpsuite-extender owasp penetration-testing pentesting portswigger data-leakage owasp-top-10 sensitive-data-exposure owasp-top-ten

Java 162

1 年前