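#Capture the Flag (CTF) and cybersecurity resources#OWASP Juice Shop: probably the most insecure modern, sophisticated web application. Intended for learning about vulnerabilities, it contains many popular security vulnerabilities.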
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
vAPI is a Vulnerable Adversely Programmed Interface, a self-hostable API that mimics OWASP API Top 10 scenarios through exercises.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against web applications and APIs. This repo includes the main code and logic.
A Burp Suite extension that reviews backup, old, temporary and unreferenced files on a web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)
A Burp Suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)
This repository is a Docker environment containing some "XSS vulnerability" challenges and bypass examples.
#Security#A simple PHP application to learn SQL Injection detection and exploitation techniques.
Python and Django implementation of the OWASP RailsGoat project
This repository is a dockerized PHP application containing some file upload vulnerability challenges (scenarios).
PoC for CVE-2021-45897
An application vulnerable to the OWASP Top 10 2021, for the OWASP Top 10 course: Risks in Applications.
PoC for CVE-2022-23940
Vulnerable FastAPI in reference to Opensource Web Application Security Project (OWASP) TOP 10: 2021
API penetration testing practice using OWASP crAPI
This repository is a dockerized PHP application containing some captcha logical bypass challenges (scenarios).
This will test various HTTP Request types against a web server